Fortinet FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager Denial-of-Service Vulnerability via Unauthenticated FGFM Connection Resets

Vulnerability

A denial-of-service vulnerability has been identified in Fortinet FortiOS versions 7.4.0 through 7.4.3 and prior to 7.2.7, FortiProxy versions 7.4.0 through 7.4.3 and prior to 7.2.9, FortiPAM versions prior to 1.2.0, and FortiSwitchManager versions 7.2.0 through 7.2.3 and 7.0.0 through 7.0.3. The vulnerability arises from improper handling of exceptional conditions in the FGFM daemon, which may allow an unauthenticated attacker to repeatedly reset the FGFM connection by sending crafted SSL-encrypted TCP requests.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition by causing repeated resets of the FGFM connection, disrupting normal communication and potentially causing service interruptions.

Remediation

Users can upgrade Fortinet FortiOS to version 7.4.4 or 7.2.8, FortiProxy to version 7.4.4 or 7.2.10, FortiPAM to a fixed release, and FortiSwitchManager to version 7.2.4 or 7.0.4. Fortinet FortiOS 7.0 and 6.4, as well as FortiPAM versions 1.1 and 1.0, should migrate to a fixed release. Consult the Fortinet upgrade tool for guidance.
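To turn the affected and fixed version lists above into something an inventory script can use, here is an added example (not part of the advisory or of any Fortinet tooling) that parses Fortinet-style version strings, checks a product/version pair against the ranges exactly as the advisory states them, and names the fixed release on the same branch when the advisory lists one. The function names, the sample inventory and the range encoding are my own assumptions; the version numbers are transcribed from the text above. Because the ranges are applied literally, a version that sits between a listed affected range and its listed fix (for example FortiOS 7.2.7) is reported as not affected by this advisory's text, which is a prompt to check the vendor's own advisory rather than a verdict.

```python
"""Affected-version check for the FGFM connection-reset denial-of-service advisory.

Added example, not vendor code. Ranges are transcribed from the advisory text;
AFFECTED/FIXED/assess and the sample inventory are hypothetical names and data.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Affected ranges per product, as written in the advisory.
# (low, high)  -> inclusive closed range low..high
# (None, high) -> every version strictly below 'high' ("prior to")
AFFECTED: Dict[str, List[Tuple[Optional[str], str]]] = {
    "FortiOS":            [("7.4.0", "7.4.3"), (None, "7.2.7")],
    "FortiProxy":         [("7.4.0", "7.4.3"), (None, "7.2.9")],
    "FortiPAM":           [(None, "1.2.0")],
    "FortiSwitchManager": [("7.2.0", "7.2.3"), ("7.0.0", "7.0.3")],
}

# Fixed releases per product, as written in the advisory. FortiPAM names none
# specifically ("a fixed release"), so its list is empty.
FIXED: Dict[str, List[str]] = {
    "FortiOS":            ["7.4.4", "7.2.8"],
    "FortiProxy":         ["7.4.4", "7.2.10"],
    "FortiPAM":           [],
    "FortiSwitchManager": ["7.2.4", "7.0.4"],
}


def parse_version(text: str) -> Version:
    """'7.4.3' -> (7, 4, 3). Tolerates a leading 'v' and '-build' / '+meta' suffixes
    and pads to at least three components so '7.4' compares as '7.4.0'."""
    core = text.strip().lstrip("vV").split("-", 1)[0].split("+", 1)[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {text!r}")
    v = tuple(int(p) for p in parts)
    return v + (0,) * (3 - len(v))


def _pad_pair(a: Version, b: Version) -> Tuple[Version, Version]:
    """Right-pad both tuples with zeros so (7,4,3) and (7,4,3,0) compare equal."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def _le(a: Version, b: Version) -> bool:
    a, b = _pad_pair(a, b)
    return a <= b


def _lt(a: Version, b: Version) -> bool:
    a, b = _pad_pair(a, b)
    return a < b


def is_affected(product: str, version_text: str) -> bool:
    """True when the version falls inside any affected range listed for the product."""
    if product not in AFFECTED:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    v = parse_version(version_text)
    for low, high in AFFECTED[product]:
        hi = parse_version(high)
        if low is None:
            if _lt(v, hi):
                return True
        elif _le(parse_version(low), v) and _le(v, hi):
            return True
    return False


def assess(product: str, version_text: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, fix). 'fix' is the listed fixed release on the same
    major.minor branch, or None when the advisory lists none for that branch
    (i.e. the device has to migrate to a fixed release on another branch).
    For an unaffected version the result is (False, None)."""
    if not is_affected(product, version_text):
        return False, None
    branch = parse_version(version_text)[:2]
    for fix in FIXED[product]:
        if parse_version(fix)[:2] == branch:
            return True, fix
    return True, None


if __name__ == "__main__":
    # Constructed sample inventory (hostname, product, version); not real devices.
    inventory = [
        ("fw-edge-01", "FortiOS", "7.4.2"),
        ("fw-edge-02", "FortiOS", "7.0.15"),
        ("fw-core-01", "FortiOS", "7.4.4"),
        ("proxy-01", "FortiProxy", "7.2.8-build0400"),
        ("pam-01", "FortiPAM", "1.1.2"),
        ("fswm-01", "FortiSwitchManager", "7.2.3"),
    ]
    for host, product, version in inventory:
        affected, fix = assess(product, version)
        if not affected:
            verdict = "not affected"
        elif fix:
            verdict = f"AFFECTED, upgrade to {fix}"
        else:
            verdict = "AFFECTED, migrate to a fixed release"
        print(f"{host:12} {product:20} {version:16} {verdict}")
```

Running the block prints one verdict line per inventory entry; the same verdicts are available programmatically through assess(), so the function can be dropped into an existing asset-inventory job.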

Added: Oct 14, 2025, 4:37 PM
Updated: Oct 14, 2025, 11:16 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.