Main Vulnerability Database Vulnerabilities #VU16173

#VU16173 Information disclosure in FortiOS - CVE-2018-13366

Published: November 29, 2018

Vulnerability identifier: #VU16173

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-13366

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiOS

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote to obtain potentially sensitive information.

The weakness exists due to Fortigate PPTP service reveals serial number of FortiGate in the hostname field defined in connection control setup packets of PPTP protocol. A remote attacker can gain access to arbitrary data.

Remediation

Update to version 6.0.2.

External links

https://fortiguard.com/psirt/FG-IR-18-101

#VU16173 Information disclosure in FortiOS - CVE-2018-13366

Description

Remediation

External links

Please verify you're human