CVE-2018-13366

Name of the Vulnerable Software and Affected Versions FortiOS versions 6.0.1, 5.6.7 and below

Description The issue allows an attacker to reveal the serial number of a FortiGate device via the hostname field defined in connection control setup packets of the PPTP protocol. This is related to an information disclosure vulnerability in the PPTP service.

Recommendations For FortiOS versions 6.0.1 and 5.6.7, consider restricting access to the PPTP service until a fix is available. For versions below 5.6.7, apply the same restriction to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.