encrypt or secure storage for local SSL VPN session info Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-19-217 Final 1 1 2021-09-07T00:00:00 Current version 2021-09-07T00:00:00 2021-09-07T00:00:00 A cleartext storage in a file or on disk [CWE-313] vulnerability in FortiOS SSL VPN may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system. To successfully exploit this weakness, another unrelated weakness (eg: a system file leaking vulnerability) would therefore need to be exploited first. Information disclosure FortiOS 6.2.0 to 6.2.2, 6.0.9 and below, 5.6.13 and below. Upgrade to FortiOS 6.0.10 or 6.2.3 or 5.6.14 or aboveRevision History:2020-01-27 Initial Version2020-06-26 New fix on 6.0.10 released.2021-07-29 New fix on 5.6.14 released https://fortiguard.fortinet.com/psirt/FG-IR-19-217 encrypt or secure storage for local SSL VPN session info https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html CVE-2019-17655 4.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-19-217 encrypt or secure storage for local SSL VPN session info Reference> https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html