CVE-2017-14185

Name of the Vulnerable Software and Affected Versions: FortiOS versions 5.2 through 5.6.2 FortiOS versions 5.4.0 through 5.4.8

Description: The issue allows SSL VPN web portal users to access internal FortiOS configuration information, such as addresses, via specifically crafted URLs inside the SSL-VPN web portal. This is caused by errors in access restriction. Exploitation of the issue may allow a remote attacker to disclose protected information about the operating system using specially formed URI.

Recommendations: For FortiOS versions 5.2 through 5.6.2, consider restricting access to the SSL VPN web portal until a fix is available. For FortiOS versions 5.4.0 through 5.4.8, avoid using specifically crafted URLs inside the SSL-VPN web portal to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.