Firewall information leak to regular SSL VPN web portal users

Summary

An SSL VPN user logged in via the web portal can access internal FortiOS configuration information (e.g. addresses) via specially crafted URLs.

Affected Products

FortiOS 5.6.0 to 5.6.2
FortiOS 5.4.0 to 5.4.8
FortiOS 5.2 branch all versions

Solutions

Upgrade to FortiOS 5.6.3 or 5.4.9 or newer versions.
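
To triage an inventory against the ranges above, the following added example (not Fortinet code) classifies a FortiOS version string as affected, fixed, or not listed in this advisory. The host names and version strings in the sample inventory are constructed, and the function names are hypothetical.

```python
import re

# Affected ranges as listed in this advisory, keyed by branch.
# Value is (first_patch, last_patch); None means every release in the branch.
AFFECTED = {(5, 6): (0, 2), (5, 4): (0, 8), (5, 2): None}
# Fixed releases named in the Solutions section.
FIXED = {(5, 6): (5, 6, 3), (5, 4): (5, 4, 9)}

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Extract (major, minor, patch) from a string such as 'v5.6.2' or '5.4'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def assess(version_text):
    """Return (status, upgrade_target) for one FortiOS version string."""
    v = parse_version(version_text)
    branch = v[:2]
    if branch in AFFECTED:
        rng = AFFECTED[branch]
        if rng is None:
            # The advisory names no fixed release inside the 5.2 branch.
            return "affected", "5.4.9 or 5.6.3"
        if rng[0] <= v[2] <= rng[1]:
            return "affected", ".".join(map(str, FIXED[branch]))
        return "fixed", None
    if v > (5, 6, 3):
        # "or newer versions" in the Solutions section.
        return "fixed", None
    return "not listed", None  # older than anything this advisory covers


def affected_hosts(inventory):
    """Map host -> upgrade target for every affected entry in the inventory."""
    return {h: t for h, ver in inventory.items()
            for s, t in [assess(ver)] if s == "affected"}


if __name__ == "__main__":
    # Constructed sample inventory.
    sample = {"fw-edge-1": "v5.6.2", "fw-edge-2": "v5.6.3",
              "fw-branch": "5.2.11", "fw-lab": "v5.4.8"}
    for host, target in affected_hosts(sample).items():
        print(f"{host}: upgrade to {target} or newer")
```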

Acknowledgement

Fortinet is pleased to thank Fox-IT (https://www.fox-it.com) for reporting this vulnerability under responsible disclosure.