=====================================================================
                           CERT-Renater
                Information Note No. 2017/VULN037
_____________________________________________________________________

DATE                 : 15/02/2017
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running FortiManager versions prior to
                       5.2.8, 5.4.2
=====================================================================
http://fortiguard.com/advisory/FG-IR-16-055
_____________________________________________________________________

FortiManager TLS certificate validation failure

FortiManager does not properly validate TLS certificates when probing
for devices to administer. This leads to potential pre-shared secret
exposure.

Impact
  Credentials exposure

Affected Products
  FortiManager 5.0.6 to 5.2.7 and 5.4.0 to 5.4.1.

Risk
  4 High

Solutions
  Upgrade to FMG 5.2.8 and 5.4.2

Acknowledgement
  Fortinet is pleased to thank the AirBus security team for reporting
  this vulnerability under responsible disclosure.

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER        | tel  : 01-53-94-20-44            +
+ 23 - 25 Rue Daviel  | fax  : 01-53-94-20-41            +
+ 75013 Paris         | email: cert@support.renater.fr   +
==========================================================