At a glance:
| IR Number | FG-IR-20-103 |
| Date | Jan 04, 2021 |
| Risk | 
|
| CVSSv3 Score | 4.9 |
| Impact | Information disclosure |
| CVE ID | CVE-2020-29010 |
| CVRF | Download |
Refine Search
PSIRT Advisory
FortiGate SSL VPN logs may display events of users in a different VDOM
Summary
An exposure of sensitive information to an unauthorized actor vulnerability in FortiGate may allow a remote authenticated attacker to read the SSL VPN events log entries of users in other VDOMs by executing "get vpn ssl monitor" from the CLI. The sensitive data includes usernames, user groups, and IP addresses.
Impact
Information disclosure
Affected Products
FortiGate versions 6.0.10 and below.
FortiGate versions 6.2.4 and below.
FortiGate versions 6.4.1 and below.
Solutions
Please upgrade to FortiGate version 6.0.11 or above.
Please upgrade to FortiGate version 6.2.5 or above.
Please upgrade to FortiGate version 6.4.2 or above.