FortiOS - RSA SSH host key lost at shutdown
Summary
A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS may allow an unauthenticated attacker to perform a man-in-the-middle attack.
Affected Products
At least
FortiOS version 7.2.0
FortiOS version 7.0.1 through 7.0.6
FortiOS version 6.4.0 through 6.4.9
FortiProxy version 7.2.0 through 7.2.1
FortiProxy version 7.0.0 through 7.0.7
FortiProxy 2.0 all versions
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
Solutions
Please upgrade to FortiOS version 7.2.2 or above
Please upgrade to FortiOS version 7.0.8 or above
Please upgrade to FortiOS version 6.4.10 or above
Please upgrade to FortiProxy version 7.2.2 or above
Please upgrade to FortiProxy version 7.0.8 or above