IR Number FG-IR-17-073
Date Aug 11, 2017
Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Informational
Impact Information Disclosure
CVE ID CVE-2017-3130
Affected Products
FortiOS : 5.6.0, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.11, 5.2.10, 5.2.1, 5.2.0, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.14, 5.0.13, 5.0.12, 5.0.11, 5.0.10, 5.0.1, 5.0.0
CVRF Download

PSIRT Advisories

FortiOS IKE VendorID version information disclosure

Summary

The FortiOS IKE packets which include the Vendor ID embed the FortiOS build version number.

Affected Products

FortiOS 5.0.0 to 5.4.4 and 5.6.0 versions.

Solutions

Upgrade to FortiOS version 5.2.12, 5.4.5 or 5.6.1

Acknowledgement

Fortinet is pleased to thank independent researcher Alexis La Goutte for reporting this vulnerability under responsible disclosure.