FortiManager allows unauthorized viewing of vdoms settings by any adom standard users
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-18-016
Final
1
1
2018-08-27T00:00:00
Current version
2018-08-27T00:00:00
2018-08-27T00:00:00
A standard user assigned to an ADOM can read the interface settings of VDOMs unrelated to that user's ADOM.
Information Disclosure
FortiManager 6.0.1 and below.
Upgrade to FortiManager 6.0.2 or above.
Fortinet is pleased to thank Yasar Calay, Beyaz Bilgisayar Danışmanlık Hizmetleri Ltd. Şti. for reporting this vulnerability under responsible disclosure.
FortiManager 6.0.1
FortiManager 6.0.0
FortiManager 5.6.11
FortiManager 5.6.10
FortiManager 5.6.9
FortiManager 5.6.8
FortiManager 5.6.7
FortiManager 5.6.6
FortiManager 5.6.5
FortiManager 5.6.4
FortiManager 5.6.3
FortiManager 5.6.2
FortiManager 5.6.1
FortiManager 5.6.0
CVE-2018-1353
FortiManager-6.0.1
FortiManager-6.0.0
FortiManager-5.6.11
FortiManager-5.6.10
FortiManager-5.6.9
FortiManager-5.6.8
FortiManager-5.6.7
FortiManager-5.6.6
FortiManager-5.6.5
FortiManager-5.6.4
FortiManager-5.6.3
FortiManager-5.6.2
FortiManager-5.6.1
FortiManager-5.6.0
CVSS base score: 4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-18-016