[SSLVPN] get vpn ssl monitor displays users from other vdoms Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-20-103 Final 1 1 2021-01-04T00:00:00 Current version 2021-01-04T00:00:00 2021-01-04T00:00:00 An exposure of sensitive information to an unauthorized actor vulnerability in FortiGate may allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by executing "get vpn ssl monitor" from the CLI. The sensitive data includes usernames, user groups, and IP address. Information disclosure FortiGate versions 6.0.10 and below. FortiGate versions 6.2.4 and below. FortiGate versions 6.4.1 and below. Please upgrade to FortiGate version 6.0.11 or above. Please upgrade to FortiGate version 6.2.5 or above.Please upgrade to FortiGate version 6.4.2 or above. CVE-2020-29010 4.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-20-103 [SSLVPN] get vpn ssl monitor displays users from other vdoms Reference>