CVSSv3 Score: 9.1
An Improper Verification of Cryptographic Signature vulnerability[CWE-347] in FortiOS, FortiWeb, FortiProxy and FortiSwitchManager mayallow an unauthenticated attacker to bypass the FortiCloud SSO loginauthentication via a crafted SAML message, if that feature is enabled on the device.Please note that the FortiCloud SSO login feature is not enabled in default factory settings. However, when an administrator registers the device to FortiCare from the device’s GUI, unless the administrator disables the toggle switch “Allow administrative login using FortiCloud SSO” in the registration page, FortiCloud SSO login is enabled upon registration. To prevent being affected by this vulnerability on vulnerableversions, please turn off the FortiCloud login feature (if enabled) temporarily untilupgrading to a non-affected version.To turn off FortiCloud login, go to System -> Settings -> Switch”Allow administrative login using FortiCloud SSO” to Off. Or type thefollowing command in the CLI:config system global set admin-forticloud-sso-login disableend
Revised on 2025-12-09 00:00:00
