Their FortiGuard service communication (sending customer behaviour metadata to the cloud to get back threat ratings) was encrypted with a static key, used over several products. A MITM with knowledge of that key could collect data or inject responses.
Fortinet was notified in May 2018 and released the advisory now 🤯
Everything is fine in the #infosec world...