Firewall information leak to regular SSL VPN web portal users
A SSL VPN user logged in via the web portal can access internal FortiOS configuration information (eg: addresses) via specifically crafted URLs.
FortiOS 5.6.0 to 5.6.2
FortiOS 5.4.0 to 5.4.8
FortiOS 5.2 branch all versions
Upgrade to FortiOS 5.6.3 or 5.4.9 or newer versions.
Fortinet is pleased to thank Fox-IT (https://www.fox-it.com) reporting this vulnerability under responsible disclosure.