PSIRT

Application Control Violation page leaks Private IP and Hostname

Summary

The default replacement message in FortiOS' Application Control block page reveals the private IP as well as the hostname of the FortiGate.

Affected Products

FortiOS 5.6.5, 6.0.1 and below.

Solutions

Upgrade to 5.6.6, 6.0.2, 6.2.0 or later
Work around:
All the replacement messages are configurable by the administrators. The default replacement messages are just templates. An administrator can easily change them to suit their needs. For example, remove the server/client IPs and FortiOS host names.

Acknowledgement

Fortinet is pleased to thank Anandraj Amaran Security Researcher,22by7 solutions (22by7.in) reporting this vulnerability under responsible disclosure.

IR Number	FG-IR-18-085
Published Date	Aug 23, 2018
Component	GUI
Severity	Info
CVSSv3 Score	5.2
Impact	Information disclosure
CVE ID
Download	CVRF

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

PSIRT

Application Control Violation page leaks Private IP and Hostname

Summary

Affected Products

Solutions

Acknowledgement

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

PSIRT

Application Control Violation page leaks Private IP and Hostname

Summary

Affected Products

Solutions

Acknowledgement

Threat Intelligence
Center