PSIRT Advisory

FortiManager allows unauthorized viewing of vdoms settings by any adom standard users

Summary

A standard user with adom assignment can read the interface settings of vdoms unrelated to his/her adom.

Impact

Information Disclosure

Affected Products

FortiManager 6.0.1 and below.

Solutions

Upgrade to FortiManager 6.0.2 or above.

Acknowledgement

Fortinet is pleased to thank Yasar Calay, Beyaz Bilgisayar Danışmanlık Hizmetleri Ltd. Şti. for reporting this vulnerability under responsible disclosure.