FortiOS -- Telnet on the SSL-VPN interface results in information leak
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-22-223
Final
1
1
2022-11-01T00:00:00
Current version
2022-11-01T00:00:00
2022-11-01T00:00:00
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS.
None
Information disclosure
FortiOS version 7.2.0
FortiOS version 7.0.0 through 7.0.7
FortiOS version 6.4.0 through 6.4.9
FortiOS version 6.2.0 through 6.2.12
Please upgrade to FortiOS version 7.2.1 or above
Please upgrade to FortiOS version 7.0.8 or above
Please upgrade to FortiOS version 6.4.10 or above
Please upgrade to FortiOS version 6.2.13 or above
https://fortiguard.fortinet.com/psirt/FG-IR-22-223
Reboot FortiOS or kill the SSL-VPN process or disable DTLS settings [if enabled]
FortiOS 7.2.0
FortiOS 7.0.7
FortiOS 7.0.6
FortiOS 7.0.5
FortiOS 7.0.4
FortiOS 7.0.3
FortiOS 7.0.2
FortiOS 7.0.1
FortiOS 7.0.0
FortiOS 6.4.9
FortiOS 6.4.8
FortiOS 6.4.7
FortiOS 6.4.6
FortiOS 6.4.5
FortiOS 6.4.4
FortiOS 6.4.3
FortiOS 6.4.2
FortiOS 6.4.1
FortiOS 6.4.0
FortiOS 6.2.12
FortiOS 6.2.11
FortiOS 6.2.10
FortiOS 6.2.9
FortiOS 6.2.8
FortiOS 6.2.7
FortiOS 6.2.6
FortiOS 6.2.5
FortiOS 6.2.4
FortiOS 6.2.3
FortiOS 6.2.2
FortiOS 6.2.1
FortiOS 6.2.0
CVE-2022-35842
FortiOS-7.2.0
FortiOS-7.0.7
FortiOS-7.0.6
FortiOS-7.0.5
FortiOS-7.0.4
FortiOS-7.0.3
FortiOS-7.0.2
FortiOS-7.0.1
FortiOS-7.0.0
FortiOS-6.4.9
FortiOS-6.4.8
FortiOS-6.4.7
FortiOS-6.4.6
FortiOS-6.4.5
FortiOS-6.4.4
FortiOS-6.4.3
FortiOS-6.4.2
FortiOS-6.4.1
FortiOS-6.4.0
FortiOS-6.2.12
FortiOS-6.2.11
FortiOS-6.2.10
FortiOS-6.2.9
FortiOS-6.2.8
FortiOS-6.2.7
FortiOS-6.2.6
FortiOS-6.2.5
FortiOS-6.2.4
FortiOS-6.2.3
FortiOS-6.2.2
FortiOS-6.2.1
FortiOS-6.2.0
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X