Announcement - FortiCloud Single Sign-On (SSO) - [FG-IR-25-647]
- Security Team

- Dec 12, 2025


Dear Clients,
The FG-IR-25-647 vulnerability affects the FortiCloud Single Sign-On (SSO) authentication mechanism, which is used as an alternative login method for platforms such as FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. The flaw could allow an unauthenticated attacker to manipulate the login flow and attempt to gain unauthorized access to the environment.
Because it is present in widely used solutions, this vulnerability required immediate attention to prevent exploitation risks and potential unauthorized access to devices and administrative interfaces.
The attack exploits a deficiency in the FortiCloud SSO authentication flow, allowing manipulation of requests sent to the login service. This improper interaction with the authentication server could result in incorrect credential validation, opening the door for unauthorized access attempts.
Fortinet has released security updates that fully address the issue. We have already applied all necessary patches in the monitored environments, ensuring complete mitigation of the vulnerability.
Platforms affected by the vulnerability:
FortiOS
FortiWeb
FortiProxy
FortiSwitchManager
All devices under our management are fully protected.
If you have any questions or need more information, the SOC is available to assist you.
Sincerely,
SOC Team - Inorpel Cybersecurity




