FortiOS IKE VendorID version information disclosure


The FortiOS IKE packets which include the Vendor ID embed the FortiOS build version number.

Affected Products

FortiOS 5.2.0 -> 5.2.11
FortiOS 5.4.0 -> 5.4.4
FortiOS 5.6.0


FortiOS 5.2 branch, upgrade to 5.2.11 or newer versions. FortiOS 5.4 branch, upgrade to 5.4.5 or newer versions. FortiOS 5.6 branch, upgrade to 5.6.1 or newer versions.


Fortinet is pleased to thank independent researcher Alexis La Goutte for reporting this vulnerability under responsible disclosure.