Serial number disclosure in the FortiOS PPTP server hostname protocol field
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-18-101
Final
1
1
2018-11-16T00:00:00
Current version
2018-11-16T00:00:00
2018-11-16T00:00:00
Fortigate PPTP service reveals serial number of FortiGate in the hostname field defined in connection control setup packets of PPTP protocol.
Information Disclosure
FortiOS 6.0.1 and before
Upgrade to FortiOS 6.0.2 or later
Fortinet is pleased to thank security researcher Mark Oakton at Infosec Partners reporting this vulnerability under responsible disclosure.
FortiOS 6.0.1
FortiOS 6.0.0
FortiOS 5.6.7
FortiOS 5.6.5
FortiOS 5.6.4
FortiOS 5.6.3
FortiOS 5.6.2
FortiOS 5.6.1
FortiOS 5.6.0
FortiOS 5.4.13
FortiOS 5.4.12
FortiOS 5.4.11
FortiOS 5.4.10
FortiOS 5.4.9
FortiOS 5.4.8
FortiOS 5.4.7
FortiOS 5.4.6
FortiOS 5.4.5
FortiOS 5.4.4
FortiOS 5.4.3
FortiOS 5.4.2
FortiOS 5.4.1
FortiOS 5.4.0
Serial number disclosure in the FortiOS PPTP server hostname protocol field
CVE-2018-13366
FortiOS-6.0.1
FortiOS-6.0.0
FortiOS-5.6.7
FortiOS-5.6.5
FortiOS-5.6.4
FortiOS-5.6.3
FortiOS-5.6.2
FortiOS-5.6.1
FortiOS-5.6.0
FortiOS-5.4.13
FortiOS-5.4.12
FortiOS-5.4.11
FortiOS-5.4.10
FortiOS-5.4.9
FortiOS-5.4.8
FortiOS-5.4.7
FortiOS-5.4.6
FortiOS-5.4.5
FortiOS-5.4.4
FortiOS-5.4.3
FortiOS-5.4.2
FortiOS-5.4.1
FortiOS-5.4.0
5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-18-101
Serial number disclosure in the FortiOS PPTP server hostname protocol field
Reference>