FML ID: FG-IR-18-384
CVE ID: CVE-2018-13379
We want to make you aware that an alleged threat actor scanned the internet and identified a list of FortiGate devices which have not been upgraded since publication of CVE-2018-13379/FG-IR-18-384. This vulnerability was fixed in 2019 in FortiOS 5.4.13, 5.6.8, 6.0.5 or 6.2.0 and above and customers were notified through the PSIRT Advisory process and release notes.
We continue to remind customers that it is critical to keep FortiGate devices running the latest patch for your release in order to be up-to-date with the latest security fixes.
** Due to the ability to exploit this issue remotely and that threat actors actively target this vulnerability, Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade. **
Affected Products
FortiOS 6.0 – 6.0.0 to 6.0.4
FortiOS 5.6 – 5.6.3 to 5.6.7
FortiOS 5.4 – 5.4.6 to 5.4.12
(Other branches and versions than above are not impacted)
Solutions
Upgrade to FortiOS 5.4.13, 5.6.8, 6.0.5 or 6.2.0 and above.
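The following is an added example, not part of the Fortinet notice: a triage of a device inventory against the affected ranges and fixed releases listed above. The `hostname,version` inventory format, the hostnames and the function names are assumptions made for illustration; note that each range has a lower bound, so a plain "older than the fixed release" test would over-report.

```python
import re

# Affected ranges and fixed releases as listed in this advisory:
# branch -> (first affected, last affected, fixed release)
AFFECTED = {
    (6, 0): ((6, 0, 0), (6, 0, 4), "6.0.5"),
    (5, 6): ((5, 6, 3), (5, 6, 7), "5.6.8"),
    (5, 4): ((5, 4, 6), (5, 4, 12), "5.4.13"),
}
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def triage(version_text):
    """Return (affected, fixed_release) for a version such as '6.0.4' or 'v5.4.12'."""
    m = VERSION_RE.match(version_text.strip())
    if not m:
        return (None, None)  # unparseable: flag for manual review
    ver = tuple(int(part) for part in m.groups())
    entry = AFFECTED.get(ver[:2])
    if entry is None:
        return (False, None)  # branch not listed as impacted
    first, last, fixed = entry
    # Integer tuples compare numerically: (5, 4, 12) > (5, 4, 6), unlike strings.
    if first <= ver <= last:
        return (True, fixed)
    return (False, None)


def triage_inventory(text):
    """Parse 'hostname,version' lines (assumed format) into {hostname: triage result}."""
    results = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = triage(version)
    return results


# Constructed sample inventory; hostnames and format are illustrative.
SAMPLE = """\
# hostname,version
fw-branch-01,6.0.4
fw-branch-02,5.4.12
fw-dc-01,6.2.3
fw-lab-01,5.6.2
fw-old-01,unknown
"""
```

A result of `(False, None)` reflects only the ranges in this notice; entries returned as `(None, None)` need their version confirmed by hand.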
Workarounds
If these devices cannot be updated, the SSL-VPN function should be disabled. For details on this workaround see the original advisory FG-IR-18-384.
For more details, see the July 2020 threat blog.
© 2020 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard® are registered trademarks of Fortinet, Inc., and other names herein may also be trademarks of Fortinet or third parties. The information herein is provided for remedial purposes and is designed to assist customers in action that may be helpful to the customer. Nothing herein represents any binding commitment or admission by Fortinet, and Fortinet disclaims all representations and warranties. All Fortinet end-customers are bound by the terms of Fortinet’s current End User License Agreement.