Able to retrieve (fweb_all.js) without authentication Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-18-173 Final 1 1 2020-06-01T00:00:00 Current version 2020-06-01T00:00:00 2020-06-01T00:00:00 An information exposure vulnerability in FortiOS Web UI may allow an unauthenticated attacker to gain platform information such as version, via parsing a JavaScript file. Information disclosure FortiOS 6.2.3, 6.2.0 and below Upgrade to FortiOS 6.2.1, 6.2.2, 6.2.4 or aboveRevision History:2019-08-08 Initial Version2020-06-01 Issue reintroduced on 6.2.3 and addressed in 6.2.4 and 6.4.0 Fortinet is pleased to thank Alp Hisim of Biznet Bilisim (www.biznet.com.tr) and an independent research team Denis Kolegov, Maxim Gorbunov, Nikita Oleksov and Anton Nikolaev for reporting this vulnerability under responsible disclosure. CVE-2018-13367 5.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-18-173 Able to retrieve (fweb_all.js) without authentication Reference>