Serial number disclosure in the FortiOS PPTP server hostname protocol field
Fortigate PPTP service reveals serial number of FortiGate in the hostname field defined in connection control setup packets of PPTP protocol.
FortiOS 6.0.0 -> 6.0.1
FortiOS 5.6.7 and before
Upgrade to FortiOS 5.6.8, 6.0.2 or upcoming 6.2.0
Fortinet is pleased to thank security researcher Mark Oakton at Infosec Partners reporting this vulnerability under responsible disclosure.