FortiOS reveals platform information without authentication


An information exposure vulnerability in the FortiOS web UI may allow an unauthenticated attacker to obtain platform information, such as the version, by parsing a JavaScript file.

Affected Products

FortiOS 6.2.3, 6.2.0 and below


Upgrade to FortiOS 6.2.1, 6.2.2, 6.2.4 or above.

Revision History

2019-08-08 Initial Version
2020-06-01 Issue reintroduced on 6.2.3 and addressed in 6.2.4 and 6.4.0
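The affected range is not contiguous: 6.2.1 and 6.2.2 are fixed but 6.2.3 is affected again, so a plain "older than 6.2.4" comparison misclassifies devices. The following is an added example, not Fortinet's code, that triages a device inventory against the versions listed in this advisory; the hostnames and the inventory format are constructed assumptions.

```python
import re

# Version boundaries taken from the advisory text.
LAST_ORIGINALLY_AFFECTED = (6, 2, 0)  # "6.2.0 and below"
REINTRODUCED_IN = {(6, 2, 3)}         # regression noted in the 2020-06-01 revision

VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return (major, minor, patch) found in text, or None if there is none."""
    m = VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def is_affected(version):
    """True when the version tuple falls in the advisory's affected set."""
    return version <= LAST_ORIGINALLY_AFFECTED or version in REINTRODUCED_IN


def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown' (manual review)."""
    result = {}
    for host, version_text in inventory.items():
        version = parse_version(version_text)
        if version is None:
            result[host] = "unknown"
        elif is_affected(version):
            result[host] = "affected"
        else:
            result[host] = "not affected"
    return result


# Constructed sample inventory (hostnames and values are illustrative only).
SAMPLE_INVENTORY = {
    "fw-branch-01": "v5.6.11",
    "fw-branch-02": "v6.2.0",
    "fw-core-01": "6.2.2",
    "fw-core-02": "v6.2.3",
    "fw-dc-01": "6.2.4",
    "fw-dc-02": "v6.4.0",
    "fw-lab-01": "n/a",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" have no parseable version string and need to be checked by hand rather than assumed safe.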


Fortinet is pleased to thank Alp Hisim of Biznet Bilisim and an independent research team, Denis Kolegov, Maxim Gorbunov, Nikita Oleksov and Anton Nikolaev, for reporting this vulnerability under responsible disclosure.