Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Release Notes

    6.5.6
    6.6.2
    6.6.1
    6.6.0
    6.5.6
    6.5.5
    6.5.4
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.2
    6.2.1
    6.2.0
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.5.0
    5.4.1
    5.4.0
    5.3.1
    5.3.0
    5.2.2
    5.2.1
    5.2.0
    5.1.2
    5.1.1
    5.1.0
    5.0.0
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.1
    4.2.0

    Resolved issues

    Resolved issues

    The resolved issues listed below may not list every bug that has been corrected with this release. For inquiries about a particular bug, please contact Technical Support within the FortiCare portal.

    Bug ID

    Description

    957770

    BlackDuck Component Update - Berkeley DB 5.3.28.

    983847

    Unable to trigger FortiToken auto push with IPSec ikev2 using FortiAuthenticator as RADIUS server with FortiClient/FortiGate client.

    1017747

    FortiAuthenticator does not respond to SCEP request from Apple MDM.

    1025499

    Silence excessive WAD logs.

    1041232

    Third party component upgrade required for security reasons:CVE-2023-52434 on Linux Kernel.

    1045487

    radiusd crashes when the user lockout time is NULL.

    1076780

    Sporadic 500 error in SAML IdP login.

    1080629

    curl upgrade in 6.5.

    1080681

    SAML 500 error during logout - Invalid Session Index.

    1081251

    Improper session expiration after the administrator accounts are removed.

    1081415

    Removal of libgd component.

    1082809

    ftmd crash if the FTM server returns a NULL state when polling a pending token.

    1083193

    libxml2 upgrade in 6.5.

    1083211

    Django upgrade in 6.5.

    1083212

    Python jinja2 upgrade in 6.5.

    1083213

    OpenVPN upgrade in 6.5.

    1084688

    WAD worker crashes after processing the FortiAuthenticator agent REST API request.

    1086837

    If mailNickName is used as the LDAP username attribute, the remote LDAP user authentication is broken.

    1091487

    Fix two potential crashes (null dereferences) in the WAD http engine.

    1084561

    Eliminate possibility of SQL injection in TACACS+ server.

    1084569

    Eliminate possibility of SQL injection in TACACS+ server.

    1084570

    Eliminate possibility of SQL injection in SCEP server.

    1084571

    Eliminate possibility of SQL injection in LB HA daemon.

    1091783

    Prevent potential path manipulation in Python.

    1098454

    Eliminate possibility of shell injection through HSM operations.

    Common Vulnerabilities and Exposures

    Bug ID

    CVE references

    1041232

    FortiAuthenticator 6.5.6 is no longer vulnerable to the following CVE-Reference(s):

    • CVE-2023-52434

    1054794

    FortiAuthenticator 6.5.6 is no longer vulnerable to the following CVE-Reference(s):

    • CVE-2024-3596
    Previous
    Next

    Resolved issues

    Resolved issues

    The resolved issues listed below may not list every bug that has been corrected with this release. For inquiries about a particular bug, please contact Technical Support within the FortiCare portal.

    Bug ID

    Description

    957770

    BlackDuck Component Update - Berkeley DB 5.3.28.

    983847

    Unable to trigger FortiToken auto push with IPSec ikev2 using FortiAuthenticator as RADIUS server with FortiClient/FortiGate client.

    1017747

    FortiAuthenticator does not respond to SCEP request from Apple MDM.

    1025499

    Silence excessive WAD logs.

    1041232

    Third party component upgrade required for security reasons:CVE-2023-52434 on Linux Kernel.

    1045487

    radiusd crashes when the user lockout time is NULL.

    1076780

    Sporadic 500 error in SAML IdP login.

    1080629

    curl upgrade in 6.5.

    1080681

    SAML 500 error during logout - Invalid Session Index.

    1081251

    Improper session expiration after the administrator accounts are removed.

    1081415

    Removal of libgd component.

    1082809

    ftmd crash if the FTM server returns a NULL state when polling a pending token.

    1083193

    libxml2 upgrade in 6.5.

    1083211

    Django upgrade in 6.5.

    1083212

    Python jinja2 upgrade in 6.5.

    1083213

    OpenVPN upgrade in 6.5.

    1084688

    WAD worker crashes after processing the FortiAuthenticator agent REST API request.

    1086837

    If mailNickName is used as the LDAP username attribute, the remote LDAP user authentication is broken.

    1091487

    Fix two potential crashes (null dereferences) in the WAD http engine.

    1084561

    Eliminate possibility of SQL injection in TACACS+ server.

    1084569

    Eliminate possibility of SQL injection in TACACS+ server.

    1084570

    Eliminate possibility of SQL injection in SCEP server.

    1084571

    Eliminate possibility of SQL injection in LB HA daemon.

    1091783

    Prevent potential path manipulation in Python.

    1098454

    Eliminate possibility of shell injection through HSM operations.

    Common Vulnerabilities and Exposures

    Bug ID

    CVE references

    1041232

    FortiAuthenticator 6.5.6 is no longer vulnerable to the following CVE-Reference(s):

    • CVE-2023-52434

    1054794

    FortiAuthenticator 6.5.6 is no longer vulnerable to the following CVE-Reference(s):

    • CVE-2024-3596
    Previous
    Next