#VU60931 Information disclosure in FortiOS
Vulnerability identifier: #VU60931
Vulnerability risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-200
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
FortiOS
Operating systems & Components /
Operating system
Vendor: Fortinet, Inc
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the system via SNI Client Hello TLS packets. A remote attacker can send a specially crafted request to the system and gain access to sensitive information.
Mitigation
Given that there is no systematic way to detect all exfiltration attempts and to exhaustively enumerate all possibilities offered by exfiltration channels, Fortinet has addressed the issue by releasing a set of signatures:
-
Python/SNICat.A!exploit
https://www.fortiguard.com/encyclopedia/virus/10069638 -
SNIcat.Data.Exfiltration.Tool
https://www.fortiguard.com/encyclopedia/ips/50952
Vulnerable software versions
FortiOS: 6.4.0 - 6.4.3, 6.2.0 - 6.2.5, 6.0.0 - 6.0.11
External links
http://fortiguard.com/advisory/FG-IR-20-091
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
