SB2021010511 - Information disclosure in Fortinet FortiGate
Published: January 5, 2021
Security Bulletin ID: SB2021010511
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Information disclosure
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2020-29010)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists because FortiGate may allow a remote authenticated user to read the SSL VPN events log entries of users in other VDOMs by executing "get vpn ssl monitor" from the CLI. As a result, a remote user can obtain sensitive data from other VDOMs, including usernames, user groups, and IP addresses.
Remediation
Install the update from the vendor's website.