Improper check for certificate revocation vulnerability

Summary

Certificates taken out of service could potentially be improperly re-used.

Impact detail

Fortinet has already taken steps to mitigate the risk. To be clear however, pursuant to this CRITICAL-level alert, Fortinet strongly recommends that customers upgrade the identified customer-side mitigations as shown under "Solutions" below.

Version Affected Solution
FortiOS 6.2 6.2.0 Upgrade to 6.2.1 or above
FortiOS 6.0 6.0.0 through 6.0.5 Upgrade to 6.0.6 or above
FortiOS 5.6 5.6.0 through 5.6.9 Upgrade to 5.6.10 or above
FortiOS 5.4 5.4.0 through 5.4.11 Upgrade to 5.4.12 or above
FortiOS 5.2 5.2 all versions Migrate to a fixed release
FortiOS 5.0 5.0 all versions Migrate to a fixed release
FortiOS 4.3 4.3 all versions Migrate to a fixed release
FortiOS 4.2 4.2 all versions Migrate to a fixed release
FortiOS 4.1 4.1 all versions Migrate to a fixed release
FortiOS 4.0 4.0 all versions Migrate to a fixed release
FortiOS 3.0 3.0 all versions Migrate to a fixed release
FortiOS 2.0 2.0 all versions Migrate to a fixed release
Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool