Fortinet Firmware Advisory
Christopher Souza | CEO
Fortinet has released a security advisory regarding a recently identified vulnerability affecting certain Fortinet devices configured to use FortiCloud Single Sign-On (SSO). While this issue has received attention, it’s important to note that there is currently no evidence of active exploitation, and Fortinet has already taken proactive mitigation steps to protect customers.
What Fortinet Has Done
To reduce potential exposure, Fortinet has taken proactive steps at the FortiCloud level:
- FortiCloud access has been restricted for devices running vulnerable firmware versions
- Only devices operating on non-vulnerable, updated firmware are permitted to connect to FortiCloud services, including FortiCloud SSO
These actions significantly reduce risk while customers complete required updates within their environments.
Who Is Impacted
- This vulnerability only affects environments using FortiCloud SSO
- Organizations not using FortiCloud SSO are not currently at risk
Even if FortiCloud SSO is not in use, Fortinet strongly recommends applying all available updates to ensure continued protection and compatibility. Check out their official advisory here: https://www.fortiguard.com/psirt
Required Actions
To fully remediate the issue and maintain uninterrupted access to FortiCloud services, Fortinet recommends that customers update every Fortinet product in their environment to the latest firmware and software versions. This includes, but is not limited to:
- FortiGate firewalls
- FortiAP devices
- FortiSwitch devices
- Any additional Fortinet software or virtual appliances
Keeping systems fully up to date ensures alignment with Fortinet’s security guidance and compatibility with FortiCloud-based protections.
Contact TSI for Assistance
If you would like help reviewing your environment, validating firmware versions, or planning and scheduling updates, our team is available to assist. Contact us today.
We will continue to monitor this situation closely and share updates as they become available.
About Technical Support International
TSI is a 38-year-old cybersecurity (MSSP) and IT support (MSP) company specializing in helping DIB organizations address their NIST 800-171 and CMMC compliance obligations. As a CMMC-AB Registered Provider Organization (RPO), TSI offers a complete NIST 800-171 and CMMC support solution to help guide our clients toward a successful certification audit and provide the assurance that they’re adhering to these expansive compliance requirements.
