PSIRT Advisory

FortiOS reveals platform information without authentication


An information exposure vulnerability in the FortiOS web UI may allow an unauthenticated attacker to obtain platform information, such as the version, by parsing a JavaScript file.


Information Disclosure

Affected Products

FortiOS 6.2.0 and below


Upgrade to FortiOS 6.2.1 or above


Fortinet is pleased to thank Alp Hisim of Biznet Bilisim and an independent research team (Denis Kolegov, Maxim Gorbunov, Nikita Oleksov and Anton Nikolaev) for reporting this vulnerability under responsible disclosure.