CVE-2023-29175

Name of the Vulnerable Software and Affected Versions FortiOS versions 6.2 through 7.2.0 FortiOS versions 7.0.0 through 7.0.10 FortiProxy versions 1.2 through 2.0 FortiProxy versions 7.0.0 through 7.0.9 FortiProxy versions 7.2.0 through 7.2.3

Description The issue is related to an improper certificate validation, which may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote FortiGuard's map server.

Recommendations For FortiOS versions 6.2 through 7.2.0, update to a version that includes the fix for the improper certificate validation vulnerability. For FortiOS versions 7.0.0 through 7.0.10, update to a version that includes the fix for the improper certificate validation vulnerability. For FortiProxy versions 1.2 through 2.0, update to a version that includes the fix for the improper certificate validation vulnerability. For FortiProxy versions 7.0.0 through 7.0.9, update to a version that includes the fix for the improper certificate validation vulnerability. For FortiProxy versions 7.2.0 through 7.2.3, update to a version that includes the fix for the improper certificate validation vulnerability. As a temporary workaround, consider disabling the communication with the remote FortiGuard's map server until a patch is available.