A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
Upgrade to FortiWeb version 8.0.1 or above
Upgrade to FortiWeb version 7.6.5 or above
Upgrade to FortiWeb version 7.4.10 or above
Upgrade to FortiPAM version 1.8.0 or above
Upgrade to FortiProxy version 7.6.4 or above
Upgrade to FortiProxy version 7.4.11 or above
Upgrade to FortiProxy version 7.2.15 or above
Upgrade to FortiProxy version 7.0.22 or above
Fortinet remediated this issue in FortiSASE version 25.3.b and hence customers do not need to perform any action.
Upgrade to FortiOS version 7.6.4 or above
Upgrade to FortiOS version 7.4.9 or above
Upgrade to FortiOS version 7.2.12 or above
Upgrade to FortiOS version 7.0.18 or above
Upgrade to FortiSwitchManager version 7.2.7 or above
Upgrade to FortiSwitchManager version 7.0.6 or above