PT-2022-6024 · Fortinet · FortiOS

Published: 2022-11-01 · Updated: 2023-08-08 · CVE-2022-35842

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FortiOS versions 6.4.0 through 6.4.9
FortiOS versions 7.0.0 through 7.0.6
FortiOS version 7.2.0

Description

The issue is an exposure of sensitive information to unauthorized actors. It potentially allows remote unauthenticated attackers to gain information about the LDAP and SAML settings configured in FortiOS. Exploiting the vulnerability may give attackers access to sensitive data.

Recommendations

For FortiOS versions 6.4.0 through 6.4.9, update to a version that includes the fix for this issue.
For FortiOS versions 7.0.0 through 7.0.6, update to a version that includes the fix for this issue.
For FortiOS version 7.2.0, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the SSL-VPN portal to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2022-07476
CVE-2022-35842

Affected Products

FortiOS