CVE-2017-14185

Summary

An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal.

Affected Software

VendorProductVersion RangeStatus
Fortinet, Inc.FortiOS5.6.0 to 5.6.2affected
Fortinet, Inc.FortiOS5.4.0 to 5.4.8affected
Fortinet, Inc.FortiOS5.2 all versionsaffected

Weaknesses

  • Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References