FortiOS VM - Bypass of root file system integrity checks at boot time on VM

Summary

An improper validation of integrity check value vulnerability [CWE-354] in FortiOS VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesytem integrity check in place.

Version Affected Solution
FortiOS 7.4 Not affected Not Applicable
FortiOS 7.2 7.2.0 through 7.2.3 Upgrade to 7.2.4 or above
FortiOS 7.0 7.0.0 through 7.0.12 Upgrade to 7.0.13 or above
FortiOS 6.4 6.4 all versions Migrate to a fixed release
FortiOS 6.2 6.2 all versions Migrate to a fixed release
FortiOS 6.0 6.0 all versions Migrate to a fixed release
FortiProxy 7.4 7.4.0 through 7.4.1 Upgrade to 7.4.2 or above
FortiProxy 7.2 7.2.0 through 7.2.8 Upgrade to 7.2.9 or above
FortiProxy 7.0 7.0 all versions Migrate to a fixed release
FortiProxy 2.0 2.0 all versions Migrate to a fixed release
Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool


Acknowledgement

Fortinet is pleased to thank Michael Anastasakis, Grégoire Lodi and Rustam Komildzhonov from Klarna for reporting this vulnerability under responsible disclosure.

Timeline

2023-11-02: Initial publication