=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN164
_____________________________________________________________________

DATE                : 13/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): FortiOS versions prior to 7.6.5, 7.4.10.

=====================================================================
https://fortiguard.fortinet.com/psirt/FG-IR-25-1052
https://fortiguard.fortinet.com/psirt/FG-IR-25-934
https://fortiguard.fortinet.com/psirt/FG-IR-25-667
https://fortiguard.fortinet.com/psirt/FG-IR-25-795
https://fortiguard.fortinet.com/psirt/FG-IR-25-384
_____________________________________________________________________

LDAP authentication bypass in Agentless VPN and FSSO

Summary

An Authentication Bypass by Primary Weakness vulnerability [CWE-305]
in FortiOS fnbamd may allow an unauthenticated attacker to bypass LDAP
authentication of Agentless VPN or FSSO policy, under specific LDAP
server configuration.


Version        Affected                  Solution

FortiOS 8.0    Not affected              Not Applicable
FortiOS 7.6    7.6.0 through 7.6.4       Upgrade to 7.6.5 or above
FortiOS 7.4    Not affected              Not Applicable
FortiOS 7.2    Not affected              Not Applicable
FortiOS 7.0    Not affected              Not Applicable
FortiOS 6.4    Not affected              Not Applicable

Follow the recommended upgrade path using our tool at:
https://docs.fortinet.com/upgrade-tool


Workaround:

Disable unauthenticated bind on the LDAP server.

For example, LDAP unauthenticated binds can be disabled in Windows
Active Directory (starting from Windows Server 2019) via the following
PowerShell code snippet:

# Run on a domain controller with the ActiveDirectory (RSAT) module loaded
$configDN = (Get-ADRootDSE).configurationNamingContext
$dirSvcDN = "CN=Directory Service,CN=Windows NT,CN=Services,$configDN"
# Add the flag to the multi-valued msDS-Other-Settings attribute of the
# Directory Service object; the backtick continues the command on the next line
Set-ADObject -Identity $dirSvcDN -Add `
    @{'msDS-Other-Settings'='DenyUnauthenticatedBind=1'}
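As an added example (not part of the Fortinet advisory or of Fortinet's own workaround text), the same change written so that it can be re-run safely: it reads the current msDS-Other-Settings values first, replaces a stale DenyUnauthenticatedBind entry if one exists, and then verifies the result with an LDAP simple bind that supplies a DN together with an empty password, which is exactly the "unauthenticated" bind mechanism of RFC 4513 that the setting denies. The server name and probe DN are placeholders; it assumes the ActiveDirectory RSAT module and rights to modify the configuration partition.

```powershell
# Added example, not from the advisory. Placeholders: $Server, $probeDN.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices.Protocols

$configDN = (Get-ADRootDSE).configurationNamingContext
$dirSvcDN = "CN=Directory Service,CN=Windows NT,CN=Services,$configDN"

# msDS-Other-Settings is multi-valued: one "Key=Value" string per entry
$current = (Get-ADObject -Identity $dirSvcDN -Properties 'msDS-Other-Settings').'msDS-Other-Settings'
$stale   = @($current | Where-Object { $_ -like 'DenyUnauthenticatedBind=*' })

if ($stale -contains 'DenyUnauthenticatedBind=1') {
    Write-Host "DenyUnauthenticatedBind=1 already present on $dirSvcDN"
}
else {
    if ($stale.Count -gt 0) {
        # A different value (e.g. DenyUnauthenticatedBind=0) is present; remove
        # it first so the attribute does not end up with two conflicting entries
        Set-ADObject -Identity $dirSvcDN -Remove @{'msDS-Other-Settings' = $stale}
    }
    Set-ADObject -Identity $dirSvcDN -Add @{'msDS-Other-Settings' = 'DenyUnauthenticatedBind=1'}
    Write-Host "DenyUnauthenticatedBind=1 set on $dirSvcDN"
}

# Verification: simple bind with a valid DN and an EMPTY password. With the
# setting in place the DC must refuse it instead of silently treating it as
# an anonymous session.
$Server  = 'dc01.example.internal'                                # placeholder
$probeDN = 'CN=Administrator,CN=Users,DC=example,DC=internal'     # placeholder

$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($Server)
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
$conn.SessionOptions.ProtocolVersion = 3
try {
    $conn.Bind((New-Object System.Net.NetworkCredential($probeDN, '')))
    Write-Warning "Unauthenticated bind was ACCEPTED by $Server; workaround not effective"
}
catch [System.DirectoryServices.Protocols.LdapException] {
    # Expected outcome after the change: the DC rejects the empty-password bind
    Write-Host "Unauthenticated bind rejected by $Server ($($_.Exception.Message))"
}
finally {
    $conn.Dispose()
}
```

If your domain controllers enforce LDAP signing, a plain-text simple bind on port 389 is refused for that reason alone and the probe would report a rejection that has nothing to do with the workaround; in that case set `$conn.SessionOptions.SecureSocketLayer = $true` and point `$Server` at port 636 so the probe actually exercises the bind policy. The change takes effect on every DC in the forest, since the Directory Service object lives in the configuration partition.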


Acknowledgement
Fortinet is pleased to thank Jort Geurts from the Actemium Cyber
Security Team for reporting this vulnerability under responsible
disclosure.


Timeline

2026-02-10: Initial publication

IR Number      : FG-IR-25-1052
Published Date : Feb 10, 2026
Component      : SSL-VPN
Severity       : High
CVSSv3 Score   : 7.5
Impact         : Improper access control
CVE ID         : CVE-2026-22153
_____________________________________________________________________

SSL-VPN Symlink Persistence Patch Bypass

Summary

An Exposure of Sensitive Information to an Unauthorized Actor
vulnerability [CWE-200] in FortiOS SSL-VPN may allow a remote
unauthenticated attacker, via crafted HTTP requests, to bypass the
patch developed against the symbolic-link persistence mechanism
observed in some post-exploitation cases. The attacker would first
need to have compromised the product at filesystem level through
another vulnerability.


Version        Affected                  Solution

FortiOS 7.6    7.6.0 through 7.6.1       Upgrade to 7.6.2 or above
FortiOS 7.4    7.4.0 through 7.4.6       Upgrade to 7.4.7 or above
FortiOS 7.2    7.2 all versions          Migrate to a fixed release
FortiOS 7.0    7.0 all versions          Migrate to a fixed release
FortiOS 6.4    6.4 all versions          Migrate to a fixed release

Follow the recommended upgrade path using our tool at:
https://docs.fortinet.com/upgrade-tool

This vulnerability can only be abused after a threat actor has
exploited a known vulnerability to obtain read-only access to a
vulnerable FortiGate device at file-system level.

Products that never had SSL-VPN enabled are not impacted by this
issue.


Acknowledgement
Fortinet is pleased to thank Peter Gabaldon from ITRESIT
(https://itresit.es/en/home-en/) for reporting this vulnerability
under responsible disclosure.


Timeline

2026-02-10: Initial publication


References

https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity

IR Number      : FG-IR-25-934
Published Date : Feb 10, 2026
Component      : SSL-VPN
Severity       : Medium
CVSSv3 Score   : 5.3
Impact         : Information disclosure
CVE ID         : CVE-2025-68686
_____________________________________________________________________

Request smuggling attack in FortiOS GUI

Summary

An HTTP request smuggling vulnerability [CWE-444] in FortiOS may allow
an unauthenticated attacker to smuggle an unlogged HTTP request
through the firewall policies via a specially crafted header.


Version        Affected                  Solution

FortiOS 7.6    7.6.0                     Upgrade to 7.6.1 or above
FortiOS 7.4    7.4.0 through 7.4.9       Upgrade to 7.4.10 or above
FortiOS 7.2    7.2 all versions          Migrate to a fixed release
FortiOS 7.0    7.0 all versions          Migrate to a fixed release
FortiOS 6.4    6.4.3 through 6.4.16      Migrate to a fixed release

Follow the recommended upgrade path using our tool at:
https://docs.fortinet.com/upgrade-tool


Acknowledgement
Discovered by Daobing Li from Fortinet R&D Team


Timeline

2026-02-10: Initial publication

IR Number      : FG-IR-25-667
Published Date : Feb 10, 2026
Component      : GUI
Severity       : Medium
CVSSv3 Score   : 5.2
Impact         : Execute unauthorized code or commands
CVE ID         : CVE-2025-55018
_____________________________________________________________________

Format String Vulnerability in CAPWAP fast-failover mode


Summary

A Use of Externally-Controlled Format String vulnerability [CWE-134]
in FortiGate may allow an authenticated admin to execute unauthorized
code or commands via specifically crafted configuration.

Version        Affected                  Solution

FortiOS 7.6    7.6.0 through 7.6.4       Upgrade to 7.6.5 or above
FortiOS 7.4    7.4.0 through 7.4.9       Upgrade to 7.4.10 or above
FortiOS 7.2    7.2.0 through 7.2.11      Migrate to a fixed release
FortiOS 7.0    7.0 all versions          Migrate to a fixed release
FortiOS 6.4    Not affected              Not Applicable

Follow the recommended upgrade path using our tool at:
https://docs.fortinet.com/upgrade-tool

Virtual Patch named "FG-VD-59445.0day." is available in FMWP db update 26.010.


Acknowledgement

Internally discovered and reported by Yonghui Han of Fortinet Product
Security team.


Timeline

2026-02-10: Initial publication

IR Number      : FG-IR-25-795
Published Date : Feb 10, 2026
Component      : CLI
Severity       : Medium
CVSSv3 Score   : 6.7
Impact         : Execute unauthorized code or commands
CVE ID         : CVE-2025-64157

_____________________________________________________________________

Firewall policy bypass in FSSO Terminal Services Agent


Summary

An Improper Verification of Source of a Communication Channel
vulnerability [CWE-940] in FortiOS FSSO Terminal Services Agent may
allow an authenticated user with knowledge of FSSO policy
configurations to gain unauthorized access to protected network
resources via crafted requests.

Version        Affected                  Solution

FortiOS 8.0    Not affected              Not Applicable
FortiOS 7.6    7.6.0 through 7.6.4       Upgrade to 7.6.5 or above with
                                         FSSO TS Agent version 5.0 build 0324 and later
FortiOS 7.4    7.4.0 through 7.4.9       Upgrade to upcoming 7.4.10 or above with
                                         FSSO TS Agent version 5.0 build 0324 and later
FortiOS 7.2    7.2 all versions          Migrate to a fixed release
FortiOS 7.0    7.0 all versions          Migrate to a fixed release
FortiOS 6.4    Not affected              Not Applicable

Follow the recommended upgrade path using our tool at:
https://docs.fortinet.com/upgrade-tool

Upgrade the FSSO TS Agent to version 5.0 build 0324 and later.
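The affected-version tables of the five advisories in this note, mapped into a triage function (added example, not part of the CERT-Renater or Fortinet text). The ranges are transcribed from the tables above and are only as current as this note; a "Migrate to a fixed release" branch is encoded as the whole branch being affected. The function name `Test-FortiOSAffected` is this example's own.

```powershell
# Added example, not from the advisory. Ranges transcribed from the tables
# in this note (published 2026-02-10); re-check the FortiGuard PSIRT pages
# before relying on them. Pass a three-part version (e.g. 7.4.8), since
# [version]'7.4' sorts below [version]'7.4.0'.
function Test-FortiOSAffected {
    param([Parameter(Mandatory)][version]$FortiOSVersion)

    # One row per (advisory, branch); From/To are inclusive, $null = whole branch
    $rows = @(
        @{ IR='FG-IR-25-1052'; Branch='7.6'; From='7.6.0'; To='7.6.4'  },
        @{ IR='FG-IR-25-934';  Branch='7.6'; From='7.6.0'; To='7.6.1'  },
        @{ IR='FG-IR-25-934';  Branch='7.4'; From='7.4.0'; To='7.4.6'  },
        @{ IR='FG-IR-25-934';  Branch='7.2'; From=$null;   To=$null    },
        @{ IR='FG-IR-25-934';  Branch='7.0'; From=$null;   To=$null    },
        @{ IR='FG-IR-25-934';  Branch='6.4'; From=$null;   To=$null    },
        @{ IR='FG-IR-25-667';  Branch='7.6'; From='7.6.0'; To='7.6.0'  },
        @{ IR='FG-IR-25-667';  Branch='7.4'; From='7.4.0'; To='7.4.9'  },
        @{ IR='FG-IR-25-667';  Branch='7.2'; From=$null;   To=$null    },
        @{ IR='FG-IR-25-667';  Branch='7.0'; From=$null;   To=$null    },
        @{ IR='FG-IR-25-667';  Branch='6.4'; From='6.4.3'; To='6.4.16' },
        @{ IR='FG-IR-25-795';  Branch='7.6'; From='7.6.0'; To='7.6.4'  },
        @{ IR='FG-IR-25-795';  Branch='7.4'; From='7.4.0'; To='7.4.9'  },
        @{ IR='FG-IR-25-795';  Branch='7.2'; From='7.2.0'; To='7.2.11' },
        @{ IR='FG-IR-25-795';  Branch='7.0'; From=$null;   To=$null    },
        @{ IR='FG-IR-25-384';  Branch='7.6'; From='7.6.0'; To='7.6.4'  },
        @{ IR='FG-IR-25-384';  Branch='7.4'; From='7.4.0'; To='7.4.9'  },
        @{ IR='FG-IR-25-384';  Branch='7.2'; From=$null;   To=$null    },
        @{ IR='FG-IR-25-384';  Branch='7.0'; From=$null;   To=$null    }
    )

    # Compare only against rows for the same release branch (major.minor)
    $branch = '{0}.{1}' -f $FortiOSVersion.Major, $FortiOSVersion.Minor
    $hits = foreach ($r in $rows) {
        if ($r.Branch -ne $branch) { continue }
        if ($null -eq $r.From) { $r.IR; continue }
        if ($FortiOSVersion -ge [version]$r.From -and
            $FortiOSVersion -le [version]$r.To) { $r.IR }
    }
    # Several branches of one advisory may match; report each IR once
    @($hits | Select-Object -Unique)
}

# Usage: list the advisories that apply to a given firmware build
Test-FortiOSAffected -FortiOSVersion '7.4.8'
```

Running it over an inventory export (`Get-Content fortigates.csv | ForEach-Object { ... }`) turns the five tables into a per-device list of open IR numbers, which is easier to track than re-reading the ranges each time a new FortiGuard bulletin arrives.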

Acknowledgement

Fortinet is pleased to thank Tijl Deneut from e-BO Enterprises for
reporting this vulnerability under responsible disclosure.


Timeline

2026-02-10: Initial publication

IR Number      : FG-IR-25-384
Published Date : Feb 10, 2026
Component      : OTHERS
Severity       : Low
CVSSv3 Score   : 3.8
Impact         : Improper access control
CVE ID         : CVE-2025-62439

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
