PSIRT Advisories
FortiOS reveals platform information without authentication
Summary
An information exposure vulnerability in the FortiOS web UI may allow an unauthenticated attacker to obtain platform information, such as the version, by parsing a JavaScript file.
Affected Products
FortiOS 6.2.3, 6.2.0 and below
Solutions
Upgrade to FortiOS 6.2.1, 6.2.2, 6.2.4 or above
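The affected range is not contiguous (6.2.3 is affected while 6.2.1 and 6.2.2 are fixed), so a simple "older than X" comparison misclassifies devices. The following inventory triage is an added example, not part of the advisory; the "Version: ... vX.Y.Z" line format, the hostnames and the build strings are constructed assumptions.

```python
import re

# Affected per the advisory: 6.2.3, and 6.2.0 and below.
# Fixed per the advisory: 6.2.1, 6.2.2, 6.2.4 or above.
AFFECTED_EXACT = {(6, 2, 3)}
AFFECTED_MAX = (6, 2, 0)

# Assumed inventory format: a status line containing "vMAJOR.MINOR.PATCH".
VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)\b")


def parse_version(line):
    """Return (major, minor, patch) found in an inventory line, or None."""
    m = VERSION_RE.search(line)
    return tuple(int(part) for part in m.groups()) if m else None


def is_affected(version):
    """True if the advisory lists this FortiOS release as affected."""
    return version <= AFFECTED_MAX or version in AFFECTED_EXACT


def triage(inventory):
    """Map each host to 'affected', 'fixed' or 'unknown' (unparseable)."""
    result = {}
    for host, line in inventory.items():
        version = parse_version(line)
        if version is None:
            result[host] = "unknown"  # review by hand, do not assume fixed
        else:
            result[host] = "affected" if is_affected(version) else "fixed"
    return result


# Constructed sample inventory; hostnames and build strings are placeholders.
SAMPLE = {
    "fw-branch-01": "Version: FortiGate-60E v6.0.9,build0000 (GA)",
    "fw-branch-02": "Version: FortiGate-60E v6.2.0,build0000 (GA)",
    "fw-core-01": "Version: FortiGate-VM64 v6.2.2,build0000 (GA)",
    "fw-core-02": "Version: FortiGate-VM64 v6.2.3,build0000 (GA)",
    "fw-dc-01": "Version: FortiGate-VM64 v6.2.4,build0000 (GA)",
    "fw-lab-01": "status unavailable",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```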
Revision History
2019-08-08 Initial Version
2020-06-01 Issue reintroduced on 6.2.3 and addressed in 6.2.4 and 6.4.0
Acknowledgement
Fortinet is pleased to thank Alp Hisim of Biznet Bilisim (www.biznet.com.tr) and an independent research team, Denis Kolegov, Maxim Gorbunov, Nikita Oleksov and Anton Nikolaev, for reporting this vulnerability under responsible disclosure.