FortiOS 5.6.9 is out!

Hosemacht
2019/05/14 23:36:16 (permalink)
0

FortiOS 5.6.9 is out!

with only one weird bugfix in the release notes:
 
529745 FortiOS 5.4.11 is no longer vulnerable to the following CVE Reference: CVE-2018-1338
 
https://docs.fortinet.com.../fortios-release-notes
#1
ddskier
Re: FortiOS 5.6.9 is out! 2019/05/15 07:27:05 (permalink)
0
I don't get this release.  Only bug fix is:
 
529745 FortiOS 5.4.11 is no longer vulnerable to the following CVE Reference:  CVE-2018-13382
 
Not sure how a 5.4.11 fix applies going from 5.6.8 to 5.6.9.
 

-DDSkier

FCNSA, FCNSP
FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
#2
dedmonds_FTNT
Re: FortiOS 5.6.9 is out! 2019/05/15 10:06:57 (permalink)
0
The 5.4.11 reference is a typo.  It should read 5.6.9.  You have an outdated copy of the release notes.  Download the document again.
#3
FlavioB
Re: FortiOS 5.6.9 is out! 2019/05/18 09:00:22 (permalink)
0
OK but anyway: where to find exact description/information about that CVE? I'm not finding any...
F.
#4
Hosemacht
Re: FortiOS 5.6.9 is out! 2019/05/20 22:57:39 (permalink)
0
indeed there is no CVE Record for: CVE-2018-1338
maybe another typo?
#5
FlavioB
Re: FortiOS 5.6.9 is out! 2019/05/21 02:17:43 (permalink)
0
the_giraffe_that_wasnt_president
indeed there is no CVE Record for: CVE-2018-1338
maybe another typo?


No typo.
It's simply been reported as "responsible disclosure".
 
#6
ddskier
Re: FortiOS 5.6.9 is out! 2019/05/21 07:09:03 (permalink)
0
I applied this update on numerous 100D and 200D.  No issues.

-DDSkier

FCNSA, FCNSP
FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
#7
FlavioB
Re: FortiOS 5.6.9 is out! 2019/05/21 23:08:37 (permalink)
0
ddskier
I applied this update on numerous 100D and 200D.  No issues.


Of course no issues - it's a fix for one CVE (if you want to know about the details, ask your Fortinet representative).
F.
#8
wolfschen
Re: FortiOS 5.6.9 is out! 2019/05/23 07:46:46 (permalink)
1 (1)
Hello,
I am also interested in upgrade details, and release notes are my primary source of knowledge about an upgrade. When you look at any firmware upgrade cookbook released by Fortinet, it says: make a backup and read the release notes. That's why lately I am really disappointed with the 'quality' of the release notes. In the firmware 5.6.9 release notes there was a typo with the 5.4.11 firmware version and NO information about what CVE-2018-13382 is.....
Yesterday 5.4.11 was released with this same CVE-2018-13382..... and guess what? Still no info about that CVE. I checked on mitre.org and found just info about the reservation.... So I decided to chat with a technician from Fortinet. I wasted 20 minutes in the queue and received the following information:
########
The vulnerability is about: SSL VPN user password modified.
Currently, the CVE is reserved but not published. You should be able to find additional information with that on our PSIRT page https://fortiguard.com/psirt once the information has been published.
########
I also checked PSIRT (https://fortiguard.com/psirt) and guess what? No info!
Then the technician said: it has not been updated yet!
So feel free to add more info about that when you find out more details :)
 
Cheers!
 
#9
FlavioB
Re: FortiOS 5.6.9 is out! 2019/05/23 07:56:04 (permalink)
0
Hi.
You got exactly the same information as I did - but I had only to write an email to my local Fortinet SE this time :-)
Just wait and see...
F.
#10
wolfschen
Re: FortiOS 5.6.9 is out! 2019/05/23 07:56:24 (permalink)
0
BTW, the upgrade path tool for 5.4.11 is also not updated!! (The firmware was released 24h ago - just to be clear about how up to date the support pages are)
 
#11
XavierMP
Re: FortiOS 5.6.9 is out! 2019/05/27 03:11:11 (permalink)
0
Hi, is 5.6.9 now insecure too?
Bug FG-IR-19-034 states solution is "Upgrade to FortiOS 6.0.5 or 6.2.0"
https://fortiguard.com/psirt/FG-IR-19-034
Do we need to upgrade to 6.x to have a secure Fortigate?
Thanks
#12
FlavioB
Re: FortiOS 5.6.9 is out! 2019/05/27 06:01:49 (permalink)
1 (1)
No. This bug is already fixed in 6.0.5 and 6.2.0
BR,
Flavio.
#13
XavierMP
Re: FortiOS 5.6.9 is out! 2019/05/28 04:07:05 (permalink)
0
This is what I'm saying: 5.6.9 is no longer a secure version.
We need to upgrade to a 6 version, don't we?
#14
FlavioB
Re: FortiOS 5.6.9 is out! 2019/05/28 04:17:00 (permalink)
2 (1)
XavierMP
This is what I'm saying: 5.6.9 is no longer a secure version.
We need to upgrade to a 6 version, don't we?


You're misunderstanding: the SAME bug is fixed in
5.6.9
6.0.5
6.2.0
You don't need to move up to 6.x
#15
XavierMP
Re: FortiOS 5.6.9 is out! 2019/05/28 04:28:04 (permalink)
0
I'm sorry but in the link:

Affected Products

CVE-2019-5586 FortiOS 5.2.0 to 6.0.4
CVE-2019-5588 FortiOS 6.0.0 to 6.0.4

Solutions

Upgrade to FortiOS 6.0.5 or 6.2.0
 
It says CVE-2019-5586 affects 5.6.9 and it's solved in 6.0.5 and 6.2.0.
Do you have any link that shows this bug resolved in 5.6.9?
Thank you very much
#16
FlavioB
Re: FortiOS 5.6.9 is out! 2019/05/28 05:38:12 (permalink)
0
I'm sorry Xavier... I thought we were still talking about CVE-2018-1338
Indeed it seems that there's NO SOLUTION for 5.6 branch!
Let me ask my Fortinet SE.
F.
#17
Kenundrum
Re: FortiOS 5.6.9 is out! 2019/05/28 06:22:57 (permalink)
0
I got notification of this vulnerability over the weekend... No fix on 5.6 is ridiculous! Per Fortinet's own lifecycle policy, 5.6 has until March 2020 for end of normal support and an additional 18 months of security updates after that. I'm opening a support case.
Thankfully there is at least a workaround to disable SSLVPN but that doesn't help on devices that are actually using it. Also the description seems like it's not a critical vulnerability, probably CVSS 5 or 6-ish. If the answer is they're going to fix it in some future 5.6 build, then it might be worth it to wait if jumping to 6.x was not in your plan anytime soon.

NSE4
Some FGT500Es, 500Ds, 60Ds at work
FWF60E, FWF80CM at home
#18
rojekj
Re: FortiOS 5.6.9 is out! 2019/05/29 05:11:56 (permalink)
5 (2)
Beware, as this release has a major bug in SSL VPN. When a user is in multiple groups that grant different access in SSL VPN, only the first group is working. For example:
User x is in groups vpn_a and vpn_b; group vpn_a grants access to 1.1.1.1 and group vpn_b grants access to 2.2.2.2. After upgrading to 5.6.9, the user can no longer access 2.2.2.2. After removing him from the vpn_a group he can access 2.2.2.2 again.
 
Once again - our VPN gateway is broken after upgrade.
When will it be fixed? In 6 months? Or 7? So I must live with a vulnerable VPN till then?
Seriously, I don't have words for Fortinet's QA. Because it does not exist!
#19
FlavioB
Re: FortiOS 5.6.9 is out! 2019/05/29 08:16:46 (permalink)
0
To all:
https://fortiguard.com/psirt/FG-IR-18-389
So finally CVE-2018-13382 is fixed in 5.4.11, 5.6.9, 6.0.5, 6.2.0 and above
 
F.
#20
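An added example, not part of any post in this thread and not Fortinet tooling: a per-branch check of an inventory against the two advisories discussed above, which separates "a fix exists on this branch" from "the fix exists only on a newer branch". The version data is copied from the thread; the function names, status labels and device inventory are hypothetical, and treating branches newer than the newest listed fix as fixed is an assumption.

```python
# Added example. Version data is copied from the advisories quoted in this thread;
# function names, status labels and the inventory are hypothetical/constructed.

def parse(version):
    """'5.6.9' -> (5, 6, 9) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))

ADVISORIES = {
    # FG-IR-18-389: the thread lists fixed builds only, no affected range.
    "CVE-2018-13382": {"affected": None,
                       "fixed": ["5.4.11", "5.6.9", "6.0.5", "6.2.0"]},
    # FG-IR-19-034: affected range and solution as quoted in the thread.
    "CVE-2019-5586": {"affected": ("5.2.0", "6.0.4"),
                      "fixed": ["6.0.5", "6.2.0"]},
}

def status(cve, version):
    adv = ADVISORIES[cve]
    v = parse(version)
    fixes = [parse(f) for f in adv["fixed"]]
    # A fix only helps a device if it exists on that device's major.minor branch.
    branch_fix = next((f for f in fixes if f[:2] == v[:2]), None)
    if branch_fix is not None:
        return "fixed" if v >= branch_fix else "upgrade-in-branch"
    # Assumption: branches newer than the newest listed fix already carry it.
    if v > max(fixes):
        return "fixed"
    if adv["affected"] is not None:
        low, high = (parse(x) for x in adv["affected"])
        if low <= v <= high:
            return "no-fix-in-branch"   # affected, but the fix is on another branch
    return "not-listed"                 # the quoted advisory text does not say

def report(inventory):
    """Map each device to its status for every advisory in ADVISORIES."""
    return {name: {cve: status(cve, ver) for cve in ADVISORIES}
            for name, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed inventory, not taken from the thread.
    fleet = {"fw-branch": "5.6.8", "fw-hq": "5.6.9", "fw-lab": "6.0.5"}
    for device, result in report(fleet).items():
        print(device, result)
```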