FortiFMG Vulnerability

MEDIUM (5.3) Patch Available

Threat Intelligence

Low Risk
EPSS Score: 0.05% chance of exploitation (percentile: 17%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

The FortiFMG daemon is a component of FortiOS and FortiProxy, which are used to manage and secure network connections. The vulnerability allows an attacker to reset the fgfm connection via crafted SSL-encrypted TCP requests, potentially leading to denial of service or further exploitation.

Am I affected?

You're affected if you use:
- FortiOS version 7.4.0 through 7.4.3
- FortiProxy version 7.4.0 through 7.4.3
- FortiPAM versions prior to 1.2.0
- FortiSwitchManager version 7.2.0 through 7.2.3

Check with: grep fgfm /var/log/fortifm.log (note: the exact command and log path may vary with your system configuration)

This advisory concerns FortiOS, not Juniper Networks' products such as SRX or SRX Next.

Affected Products

Fortinet / FortiOS

How to fix

- For FortiOS, upgrade to 7.6 or later.
- For FortiProxy, upgrade to 7.4.4 or above.
- For FortiPAM, migrate to a fixed release (version 1.2.0 or higher).
- Immediately:
  - Restrict network access to your FortiFMG instance
  - Monitor for suspicious fgfm connection resets
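To turn the version ranges listed above into an inventory check, here is an added example (not code from Fortinet or from this advisory) that parses dotted version strings and reports whether a product build falls inside an affected range, using only the ranges and fixed releases stated on this page; the version-string formats it accepts (e.g. "v7.4.3 build2573") are an assumption.

```python
"""Version-range check for the FortiFMG advisory above (added example)."""
from typing import Tuple

Version = Tuple[int, int, int]

# Ranges copied from "Am I affected?": (low, high, exclusive_high).
# "through" ranges are inclusive; "prior to 1.2.0" excludes 1.2.0 itself.
AFFECTED_RANGES = {
    "FortiOS":            [((7, 4, 0), (7, 4, 3), False)],
    "FortiProxy":         [((7, 4, 0), (7, 4, 3), False)],
    "FortiPAM":           [((0, 0, 0), (1, 2, 0), True)],
    "FortiSwitchManager": [((7, 2, 0), (7, 2, 3), False)],
}

# Fixed releases named in "How to fix"; None = not stated on this page.
FIXED_IN = {
    "FortiOS": "7.6.0",
    "FortiProxy": "7.4.4",
    "FortiPAM": "1.2.0",
    "FortiSwitchManager": None,
}


def parse_version(text: str) -> Version:
    """Turn '7.4.3', 'v7.4' or '7.4.3 build2573' into a 3-tuple.

    Missing components are zero-padded so that '7.4' compares equal to
    '7.4.0'; anything non-numeric raises ValueError. (Assumed formats.)
    """
    core = text.strip().lstrip("vV").split(" ")[0].split("-")[0]
    parts = [int(p) for p in core.split(".")[:3]]
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def is_affected(product: str, version: str) -> bool:
    """True if (product, version) lies inside an affected range above."""
    if product not in AFFECTED_RANGES:
        raise KeyError(f"{product} is not listed in this advisory")
    v = parse_version(version)
    for low, high, exclusive in AFFECTED_RANGES[product]:
        if low <= v and (v < high if exclusive else v <= high):
            return True
    return False


def remediation(product: str, version: str) -> str:
    """One-line verdict for an inventory row, based on FIXED_IN."""
    if not is_affected(product, version):
        return f"{product} {version}: not in an affected range"
    fix = FIXED_IN.get(product)
    if fix is None:
        return f"{product} {version}: affected; fixed release not stated here"
    return f"{product} {version}: affected; upgrade to {fix} or later"
```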
