Systems Engineering is aware of the vulnerability affecting customers with Fortinet Firewalls who use an SSL VPN (Secure Sockets Layer Virtual Private Network) to connect to their offices remotely. The vulnerability is an improper limitation of a pathname to a restricted directory ("path traversal") in the SSL VPN web portal of multiple Fortinet OS versions. It allows an unauthenticated, remote attacker to download system files via specially crafted HTTP resource requests. Fortinet has recently released a patch to address the vulnerability.
Course of Action
Systems Engineering has determined that this vulnerability impacts multiple customers. To prevent this vulnerability from being exploited, the team is working to patch all customer Fortinet Firewalls that subscribe to the following services: EventWatch, Critical Care, Network Security, and IT Essentials. We are contacting covered customers to organize a convenient downtime window to patch affected firewalls.
For those who use a Fortinet Firewall's SSL VPN to connect to offices remotely and are not covered under one of the services listed above, we recommend applying the patch independently.
Please contact Systems Engineering Customer Service at 207.772.4199 or your Account Manager with any questions.