Padding oracle in cookie encryption

Summary

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiOS, FortiWeb, FortiProxy and FortiSwitch may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.

Affected Products

FortiOS versions 7.0.3 and below.
FortiOS versions 6.4.8 and below,
FortiOS 6.2 all versions
FortiOS 6.0 all versions

FortiWeb 6.4 all versions
FortiWeb versions 6.3.16 and below,
FortiWeb 6.2 all versions
FortiWeb 6.1 all versions
FortiWeb 6.0 all versions

FortiProxy versions 7.0.1 and below,
FortiProxy versions 2.0.7 and below,
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
FortiProxy 1.0 all versions

FortiSwitch versions 7.0.3 and below,
FortiSwitch versions 6.4.10 and below,
FortiSwitch 6.2 all versions
FortiSwitch 6.0 all versions

Solutions

Upgrade to FortiOS version 7.0.4 or above.
Upgrade to FortiOS version 6.4.9 or above.

Upgrade to FortiWeb version 7.0.0 or above.
upgrade to FortiWeb version 6.3.17 or above.

Upgrade to FortiProxy version 7.0.2 or above.
Upgrade to FortiProxy version 2.0.8 or above.

Upgrade to FortiSwitch version 7.2.0 or above.
Upgrade to FortiSwitch version 7.0.4 or above.
Upgrade to FortiSwitch version 6.4.11 or above.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.