#VU16173 Information disclosure in FortiOS


Published: 2018-11-29

Vulnerability identifier: #VU16173

Vulnerability risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-13366

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FortiOS
Operating systems & Components / Operating system

Vendor: Fortinet, Inc

Description
The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists because the FortiGate PPTP service reveals the FortiGate serial number in the hostname field of the PPTP connection control setup packets. A remote attacker can gain access to arbitrary data.

Mitigation
Update to version 6.0.2.

Vulnerable software versions

FortiOS: 6.0.0 - 6.0.1


External links
http://fortiguard.com/psirt/FG-IR-18-101


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
