PSIRT Advisories
FortiOS - Hardcoded SSLVPN cookie encryption key
Summary
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiOS SSLVPN may allow an attacker to retrieve the key by reverse engineering.
Affected Products
Only when SSLVPN is enabled:
FortiOS 6.4.5 and below.
FortiOS 6.2.8 and below.
FortiOS 6.0.12 and below.
FortiOS 5.6.13 and below.
FortiOS-6K7K version 6.4.2.
FortiOS-6K7K version 6.2.6 and below.
Solutions
Upgrade to FortiOS 7.0.0 or above.
Upgrade to FortiOS 6.4.6 or above.
Upgrade to FortiOS 6.2.10 or above.
Upgrade to FortiOS 6.0.13 or above.
Upgrade to FortiOS 5.6.14 or above.
Upgrade to FortiOS-6K7K version 6.2.7 or above.
For new high-end F-Series models (FG-1800F, FG-3800F, FG-4200F, FG-4400F), please upgrade to 6.2.9.