What’s new with FortiOS 6.2/6.0.8: Update issue with certificate for WebUI

Recently we have had a few support cases where a customer was unable to log in to the firewall via WebUI after the firmware update. But SSH access worked fine.

It turned out that during the update process the server certificate used for the WebUI is lost.

Config with v6.0.4 (it does not happen with „self-signed“ only):

config system global
set admin-server-cert "self-signed"
end
„What’s new with FortiOS 6.2/6.0.8: Update issue with certificate for WebUI“ weiterlesen

FortiGate SSLVPN Update-Empfehlung

Auf dem FortiGate wurden einige Schwachstellen im SSLVPN Portal bekannt. Diese reichen von Weiterleitungen durch Cross-Site-Scripts (XSS) bis hin zum Download Systemdateien und das Zurücksetzen von Benutzerkennwörtern.

FortiGate SSL VPN web portal login redir XSS vulnerability (FG-IR-17-242, CVE-2017-14186)
Unauthenticated SSL VPN users password modification (FG-IR-18-389, CVE-2018-13382)
FortiOS system file leak through SSL VPN via specially crafted HTTP resource requests (FG-IR-18-384, CVE-2018-13379)

„FortiGate SSLVPN Update-Empfehlung“ weiterlesen