CVE-2017-7738

Summary

An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.

Affected Software

VendorProductVersion RangeStatus
Fortinet, Inc.FortiOS5.6.0 to 5.6.2affected
Fortinet, Inc.FortiOS5.4.0 to 5.4.5affected
Fortinet, Inc.FortiOS5.2 and belowaffected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References