An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager, FortiAnalyzer, FortiPortal & FortiSwitch may allow an attacker which has obtained access to a restricted administrative account to obtain sensitive information via
diagnose debug commands.
At least FortiManager version 6.0.0 through 6.0.4
At least FortiAnalyzer version 6.0.0 through 6.0.4 At least FortiPortal 4.1 all versions FortiPortal 4.2 all versions FortiPortal 5.0 all versions FortiPortal 5.1 all versions FortiPortal 5.2 all versions FortiPortal 5.3 all versions FortiPortal version 6.0.0 through 6.0.9
At least FortiSwitch version 6.0.0 through 6.0.7 FortiSwitch version 6.2.0 through 6.2.7 FortiSwitch version 6.4.0 through 6.4.10 FortiSwitch version 7.0.0 through 7.0.4
Upgrade to FortiManager version 6.0.5 and above,
Upgrade to FortiManager version 6.2.0 and above.
Upgrade to FortiAnalyzer version 6.0.5 and above,
Upgrade to FortiAnalyzer version 6.2.0 and above.
Upgrade to FortiPortal version 6.0.10 and above.
Upgrade to FortiSwitch version 6.4.11 and above,
Upgrade to FortiSwitch version 7.0.5 and above.