PSIRT

[CVE-2017-7738] sslvpn web portal user credentials leaking through fnsysctl CLI cmd

Summary

An admin user with super_admin privileges (i.e. with a super_admin profile) may view the current sslvpn web portal session info, using the fnsysctl CLI command. This info includes user credentials.

Affected Products

FortiOS 5.6 branch: 5.6.0 to 5.6.2
FortiOS 5.4 branch: 5.4.0 to 5.4.5
FortiOS 5.2 and below versions

Solutions

Upgrade to FortiOS 5.4.6 or 5.6.3

Acknowledgement

Fortinet is pleased to thank Jean-Noël Meurisse, Solvay S.A. for reporting this vulnerability under responsible disclosure.

IR Number	FG-IR-17-172
Published Date	Dec 8, 2017
Component	SSL-VPN
Severity	Medium
Discovered	External
Attack Type	Authenticated
Known Exploited	No
CVSSv3 Score	4.3
Impact	Information disclosure
CVE ID
Download	CVRF

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

PSIRT

[CVE-2017-7738] sslvpn web portal user credentials leaking through fnsysctl CLI cmd

Summary

Affected Products

Solutions

Acknowledgement

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

PSIRT

[CVE-2017-7738] sslvpn web portal user credentials leaking through fnsysctl CLI cmd

Summary

Affected Products

Solutions

Acknowledgement

Threat Intelligence
Center