An exposure of sensitive information to an unauthorized actor vulnerability in FortiGate may allow a remote authenticated attacker to read the SSL VPN events log entries of users in other VDOMs byÂ executing "get vpn ssl monitor" from the CLI. The sensitive data includes usernames, user groups, and IP addresses.
Affected ProductsFortiGate versions 6.0.10 and below.
FortiGate versions 6.2.4 and below.
FortiGate versions 6.4.1 and below.