Firewall information leak to regular SSL VPN web portal users
Summary
A SSL VPN user logged in via the web portal can access internal FortiOS configuration information (eg: addresses) via specifically crafted URLs.
Affected Products
FortiOS 5.6.0 to 5.6.2
FortiOS 5.4.0 to 5.4.8
FortiOS 5.2 branch all versions
Solutions
Upgrade to FortiOS 5.6.3 or 5.4.9 or newer versions.