FortiOS - Lack of certificate verification when establishing secure connections to some external end-points
An improper certificate validation vulnerability [CWE-295] in FortiOS may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.
FortiOS version 6.0.0 through 6.0.14
FortiOS version 6.2.0 through 6.2.10
FortiOS version 6.4.0 through 6.4.8
FortiOS version 7.0.0
Please upgrade to FortiOS version 7.0.1 or above.
Please upgrade to FortiOS version 6.4.9 or above.