PSIRT Advisories

FortiOS -- Inter-VDOM information leaking

Summary

An improper access control vulnerability [CWE-284] in FortiOS may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.

Affected Products

FortiOS version 7.0.0 through 7.0.5
FortiOS version 6.4.0 through 6.4.8
FortiOS version 6.2.0 through 6.2.11

Solutions

Please upgrade to FortiGate version 7.2.0 or above.
Please upgrade to FortiGate version 7.0.6 or above.
Please upgrade to FortiGate version 6.4.9 or above.