FortiEDR - Hardcoded AES key enable disabling local Collector


A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment.

Affected Products

FortiEDR version 4.0.0
FortiEDR version 5.0.0 through 5.0.2


Upgrade to FortiEDR version 5.0.3


Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.