FortiOS — Telnet on the SSL-VPN interface results in information leak

https://ift.tt/wbRAWlx

Summary

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS.

Affected Products

FortiOS version 7.2.0
FortiOS version 7.0.0 through 7.0.6
FortiOS version 6.4.0 through 6.4.9

Solutions

Please upgrade to FortiOS version 7.2.2 or above
Please upgrade to FortiOS version 7.0.7 or above
Please upgrade to FortiOS version 6.4.10 or above

References

  • Reboot FortiOS or kill the SSL-VPN process or disable DTLS settings [if enabled]

via FortiGuard Labs | FortiGuard Center – IR Advisories https://ift.tt/VxiRMJ9

November 1, 2022 at 03:22PM