PT-2017-17919 · Fortinet · Fortios

Published

2017-12-08

·

Updated

2017-12-26

·

CVE-2017-7738

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Fortinet FortiOS versions 5.2 and below
Fortinet FortiOS versions 5.4.0 through 5.4.5
Fortinet FortiOS versions 5.6.0 through 5.6.2

Description

The issue allows an admin user with super admin privileges to view the current SSL VPN web portal session information, which may contain user credentials, through the fnsysctl CLI command. This could potentially lead to information disclosure.

Recommendations

For Fortinet FortiOS versions 5.2 and below, update to a version above 5.2 to resolve the issue.
For Fortinet FortiOS versions 5.4.0 through 5.4.5, update to a version above 5.4.5 to resolve the issue.
For Fortinet FortiOS versions 5.6.0 through 5.6.2, update to a version above 5.6.2 to resolve the issue.

As a temporary workaround, consider restricting access to the fnsysctl CLI command for admin users with super admin privileges until a patch is available.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2017-7738

Affected Products

Fortios