CVE-2023-47537

Name of the Vulnerable Software and Affected Versions FortiOS versions 6.4 through 7.0.13 FortiOS versions 7.2.0 through 7.2.6 FortiOS versions 7.4.0 through 7.4.1

Description The issue is related to an improper certificate validation procedure in the FortiLink protocol implementation, allowing a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS device and FortiSwitch. This could enable the attacker to decipher and alter the communication.

Recommendations For FortiOS versions 6.4 through 7.0.13, update to a version that includes the fix for the improper certificate validation vulnerability. For FortiOS versions 7.2.0 through 7.2.6, update to a version that includes the fix for the improper certificate validation vulnerability. For FortiOS versions 7.4.0 through 7.4.1, update to a version that includes the fix for the improper certificate validation vulnerability. As a temporary workaround, consider restricting access to the FortiLink communication channel to minimize the risk of exploitation.