Inter-VDOM information leaking
Summary
An improper access control vulnerability [CWE-284] in FortiOS may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.
Affected Products
FortiOS 7.2 all versions are not affected
FortiOS version 7.0.0 through 7.0.5
FortiOS version 6.4.0 through 6.4.8
FortiOS 6.2 all versions
FortiOS 6.0 all versions are not affected
Solutions
Please upgrade to FortiGate version 7.2.0 or above.
Please upgrade to FortiGate version 7.0.6 or above.
Please upgrade to FortiGate version 6.4.9 or above.
Timeline
2022-08-02: Initial publication