Fortinet FortiOS SSL VPN Web Portal Session Information Disclosure Vulnerability

Fortinet FortiOS SSL VPN Web Portal Session Information Disclosure Vulnerability

CVE-2017-7738 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.

Learn more about our Cis Benchmark Audit For Apple Ios.