-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.1432
         New Fortiguard bulletin: Vulnerability in OpenSSL library
                               4 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Fortinet Products
Publisher:         FortiGuard
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-0778  

Original Bulletin: 
   https://fortiguard.fortinet.com/psirt/FG-IR-22-059

Comment: CVSS (Max):  7.5 CVE-2022-0778 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability in OpenSSL library

IR Number    : FG-IR-22-059
Date         : Apr 1, 2022
Risk         : 4/5
CVSSv3 Score : 7.5
Impact       : Denial of service
CVE ID       : CVE-2022-0778
Affected Products: FortiWAN: 5.2.1, 5.2.0, 5.1.2, 5.1.1, 4.5.9, 4.5.8, 4.5.7, 4.5.6,
 4.5.5, 4.5.4, 4.5.3, 4.5.2, 4.5.1, 4.5.0, 4.4.1, 4.4.0, 4.3.1, 4.3.0, 4.2.7, 4.2.6,
 4.2.5, 4.2.2, 4.2.1, 4.1.3, 4.1.2, 4.1.1, 4.0.6, 4.0.5, 4.0.4, 4.0.3, 4.0.2, 4.0.1,
 4.0.0

FortiManager: 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2,
 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

FortiMail: 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0,
 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7,
 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0

FortiWeb: 7.0.0, 6.4.2, 6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3,
 6.3.2, 6.3.18, 6.3.17, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1,
 6.3.0

FortiDeceptor: 4.1.0, 4.0.1, 4.0.0, 3.3.2, 3.3.1, 3.3.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1,
 3.1.0, 3.0.2, 3.0.1, 3.0.0

FortiProxy: 7.0.3, 7.0.2, 7.0.1, 7.0.0

FortiSwitch: 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4,
 6.4.3, 6.4.2, 6.4.10, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1,
 6.2.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

FortiAuthenticator: 6.4.1, 6.4.0, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.1, 6.2.0, 6.1.2, 
 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

FortiRecorder: 6.4.2, 6.4.1, 6.4.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3,
 6.0.2, 6.0.10, 6.0.1, 6.0.0

FortiOS: 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4,
 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2,
 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.14,
 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0

FortiAnalyzer: 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2,
 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

Summary

A security advisory was released affecting the version of OpenSSL library used
in some Fortinet products:

CVE-2022-0778:
The BN_mod_sqrt() function, which computes a modular square root, contains a
bug that can cause it to loop forever for non-prime moduli. Internally this
function is used when parsing certificates that contain elliptic curve public
keys in compressed form or explicit elliptic curve parameters with a base point
encoded in compressed form. It is possible to trigger the infinite loop by
crafting a certificate that has invalid explicit curve parameters. Since
certificate parsing happens prior to verification of the certificate signature,
any process that parses an externally supplied certificate may thus be subject
to a denial of service attack. The infinite loop can also be reached when
parsing crafted private keys, as they can contain explicit elliptic curve
parameters. Thus vulnerable situations include:

  o TLS clients consuming server certificates
  o TLS servers consuming client certificates
  o Hosting providers taking certificates or private keys from customers
  o Certificate authorities parsing certification requests from subscribers
  o Anything else which parses ASN.1 elliptic curve parameters

Also any other applications that use BN_mod_sqrt() where the attacker can
control the parameter values are vulnerable to this DoS issue.

In the OpenSSL 1.0.2 version the public key is not parsed during initial
parsing of the certificate, which makes it slightly harder to trigger the
infinite loop. However, any operation which requires the public key from the
certificate will trigger the infinite loop. In particular, the attacker can use
a self-signed certificate to trigger the loop during verification of the
certificate signature.

This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in
the releases of 1.1.1n and 3.0.2 on the 15th March 2022.

  o Fixed in OpenSSL 3.0.2 (Affected 3.0.0, 3.0.1).
  o Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m).
  o Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
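
The root cause described above, the Tonelli-Shanks square-root loop assuming a
prime modulus, can be seen in a few lines of arithmetic. The following Python
is an added illustration written for this bulletin; it is not OpenSSL's
BN_mod_sqrt() nor Fortinet's code, and the OpenSSL fix itself is structured
differently. It shows two things: squaring_chain() makes visible why the
"square until the value becomes 1" loop never exits for a composite modulus
(the orbit cycles without ever reaching 1), and mod_sqrt() applies the
defensive pattern of giving every loop that relies on primality an explicit
bound, so a crafted modulus produces a failure result instead of a hang. The
constant MAX_NONRESIDUE_TRIES and the sample moduli (17, 35, 9, 2^127-1) are
constructed for the example. Note that for a composite modulus the bounded
routine only promises termination, not a correct root.

```python
"""Bounded Tonelli-Shanks modular square root (added example, not OpenSSL code).

Demonstrates why a modular square root routine written for prime moduli can
loop forever on a composite modulus, and the guard that turns that into a
clean failure.
"""
from typing import List, Optional

# Constructed bound for the search for a quadratic non-residue; any fixed
# limit works, the point is that one exists.
MAX_NONRESIDUE_TRIES = 64


def squaring_chain(t: int, p: int, steps: int) -> List[int]:
    """Return t, t^2, t^4, ... (steps values) reduced mod p.

    Tonelli-Shanks repeatedly squares until the value becomes 1.  If the order
    of t mod p has an odd factor, which can happen only when p is not prime,
    the chain never reaches 1, so a loop written as `while tt != 1` never
    exits.  Example: squaring_chain(11, 35, 6) -> [11, 16, 11, 16, 11, 16].
    """
    out = []
    for _ in range(steps):
        out.append(t)
        t = t * t % p
    return out


def mod_sqrt(a: int, p: int) -> Optional[int]:
    """Return r with r*r == a (mod p) for an odd prime p, else None.

    Every loop that Tonelli-Shanks relies on for prime p is given an explicit
    bound; with a composite p a bound is hit and None is returned instead of
    spinning forever.  None is also returned when a is not a square mod p.
    """
    if p < 3 or p % 2 == 0:
        raise ValueError("modulus must be an odd integer >= 3")
    a %= p
    if a == 0:
        return 0

    # Write p - 1 = q * 2^s with q odd.
    q, s = p - 1, 0
    while q % 2 == 0:
        q //= 2
        s += 1

    # Find a quadratic non-residue z via Euler's criterion.  For a prime p
    # about half of all candidates qualify; for a composite p none may, so
    # the search is bounded rather than `while True`.
    z = None
    for cand in range(2, 2 + MAX_NONRESIDUE_TRIES):
        if pow(cand, (p - 1) // 2, p) == p - 1:
            z = cand
            break
    if z is None:
        return None  # no non-residue found: p is almost certainly composite

    m, c = s, pow(z, q, p)
    t, r = pow(a, q, p), pow(a, (q + 1) // 2, p)

    while True:  # terminates: m strictly decreases on every pass
        if t == 0:
            return 0
        if t == 1:
            return r
        # Least i with t^(2^i) == 1.  For prime p this i is < m whenever a is
        # a square; reaching i == m means "not a square" for a prime modulus
        # and "never terminates" for a composite one.  Without this guard the
        # inner loop is where the hang occurs.
        i, tt = 0, t
        while tt != 1:
            tt = tt * tt % p
            i += 1
            if i == m:
                return None
        b = pow(c, 1 << (m - i - 1), p)
        m, c = i, b * b % p
        t, r = t * c % p, r * b % p


if __name__ == "__main__":
    print(mod_sqrt(2, 17))            # 6: 6*6 == 36 == 2 (mod 17)
    print(mod_sqrt(3, 17))            # None: 3 is not a square mod 17
    print(squaring_chain(11, 35, 6))  # [11, 16, 11, 16, 11, 16]: never 1
    print(mod_sqrt(16, 35))           # None: bound reached, composite modulus
    print(mod_sqrt(5, 9))             # None: no non-residue found, composite
```

Running the script shows the prime case returning a root and the composite
cases returning None immediately; with the `i == m` guard removed, the
mod_sqrt(16, 35) call would cycle through 11, 16, 11, 16, ... indefinitely,
which is the behaviour the advisory describes for a crafted certificate.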

Affected Products

FortiOS version 6.0.0 through 6.0.14
FortiOS version 6.2.0 through 6.2.10
FortiOS version 6.4.0 through 6.4.8
FortiOS version 7.0.0 through 7.0.5
FortiManager version 6.2.0 through 6.2.9
FortiManager version 6.4.0 through 6.4.7
FortiManager version 7.0.0 through 7.0.3
FortiAnalyzer version 6.2.0 through 6.2.9
FortiAnalyzer version 6.4.0 through 6.4.7
FortiAnalyzer version 7.0.0 through 7.0.3
FortiDeceptor version 3.0.0 through 3.0.2
FortiDeceptor version 3.1.0 through 3.1.1
FortiDeceptor version 3.2.0 through 3.2.2
FortiDeceptor version 3.3.0 through 3.3.2
FortiDeceptor version 4.0.0 through 4.0.1
FortiDeceptor version 4.1.0
FortiAuthenticator version 6.0.0 through 6.0.7
FortiAuthenticator version 6.1.0 through 6.1.2
FortiAuthenticator version 6.2.0 through 6.2.1
FortiAuthenticator version 6.3.0 through 6.3.3
FortiAuthenticator version 6.4.0 through 6.4.1
FortiMail version 6.0.0 through 6.0.12
FortiMail version 6.2.0 through 6.2.8
FortiMail version 6.4.0 through 6.4.6
FortiMail version 7.0.0 through 7.0.3
FortiRecorder version 6.0.0 through 6.0.10
FortiRecorder version 6.4.0 through 6.4.2
FortiProxy version 7.0.0 through 7.0.3
FortiSwitch version 6.0.0 through 6.0.7
FortiSwitch version 6.2.0 through 6.2.7
FortiSwitch version 6.4.0 through 6.4.10
FortiSwitch version 7.0.0 through 7.0.4
FortiWeb version 6.3.0 through 6.3.18
FortiWeb version 6.4.0 through 6.4.2
FortiWeb version 7.0.0
The following products are under investigation:
FortiVoiceEnterprise
FortiADC
FortiADCManager
FortiAIOps
FortiAP
FortiAP-S
FortiAP-U
FortiClientWindows
FortiClientLinux
FortiClientMac
FortiClientAndroid
FortiClientEMS
FortiSandbox
FortiConnect
FortiDDoS
FortiDDoS-F
FortiEdge
FortiIsolator
FortiNDR
FortiPentest
FortiSIEM
FortiTester
FortiWLM
FortiPortal
FortiWLC
FortiWAN

Solutions

Please upgrade to FortiOS version 6.4.9 or above.
Please upgrade to FortiOS version 7.0.6 or above.
Please upgrade to FortiOS version 7.2.0 or above.
Please upgrade to FortiManager version 6.4.8 or above.
Please upgrade to FortiManager version 7.0.4 or above.
Please upgrade to FortiManager version 7.2.0 or above.
Please upgrade to FortiAnalyzer version 6.4.9 or above.
Please upgrade to FortiAnalyzer version 7.0.4 or above.
Please upgrade to FortiAnalyzer version 7.2.0 or above.
Please upgrade to FortiAuthenticator version 6.4.2 or above.
Please upgrade to FortiAuthenticator version 6.5.0 or above.
Please upgrade to FortiDeceptor version 4.2.0 or above.
Please upgrade to FortiMail version 7.2.0 or above.
Please upgrade to FortiMail version 7.0.4 or above.
Please upgrade to FortiMail version 6.4.7 or above.
Please upgrade to FortiMail version 6.2.9 or above.
Please upgrade to FortiRecorder version 7.0.0 or above.
Please upgrade to FortiRecorder version 6.4.3 or above.
Please upgrade to FortiRecorder version 6.0.11 or above.
Please upgrade to FortiProxy version 7.0.4 or above.
Please upgrade to FortiWeb version 7.0.1 or above.
Please upgrade to FortiWeb version 6.4.3 or above.
Please upgrade to FortiWeb version 6.3.19 or above.
Please upgrade to FortiSwitch version 7.2.0 or above.
Please upgrade to FortiSwitch version 7.0.5 or above.
Please upgrade to FortiSwitch version 6.4.11 or above.

References

  o https://nvd.nist.gov/vuln/detail/CVE-2022-0778
  o https://www.openssl.org/news/secadv/20220315.txt

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----