PSIRT Advisory

FortiOS multiple pre-authentication Information Disclosure

Summary

Multiple information exposure vulnerabilities in FortiOS may allow an unauthenticated attacker to gather information by parsing the HTTP headers, the web portal certificate, and error messages. The exposed information includes the FortiGate's model, serial number and internal IP address.

Impact

Information Disclosure

Affected Products

* HTTP Server Header Information Disclosure:

FortiOS all versions before 6.0.4

* Admin web portal built-in certificate Information Disclosure:

FortiOS all versions when using the built-in certificate as the admin web portal server certificate

* Application Control Violation error message Information Disclosure:

FortiOS 6.0.1, 6.0.0, 5.6.6 and below

Solutions

* HTTP Server Header Information Disclosure:

Upgrade to FortiOS version 6.0.4 or above.

* Admin web portal built-in certificate Information Disclosure:

Upload and use a third-party-signed certificate as the admin web portal server certificate.

* Application Control Violation error message Information Disclosure:

Upgrade to FortiOS 5.6.6, 6.0.2 or later versions [2]


Workarounds

* HTTP Server Header Information Disclosure:

Limit admin web portal access to the local network only.

* Admin web portal built-in certificate Information Disclosure:

Limit admin web portal access to the local network only.

* Application Control Violation error message Information Disclosure:

Refer to https://fortiguard.com/psirt/FG-IR-18-085
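The following audit helper is an added example written for this advisory; it is not Fortinet code and does not reproduce any real FortiOS header or certificate content. It checks the two exposure classes a defender can verify on their own admin portal without vendor tooling: whether the HTTP Server header names a product or version, and whether the portal certificate looks like a built-in self-signed one or carries an RFC 1918 address. The sample header value, the certificate dictionary layout (subject, issuer, san strings) and the "self-signed means built-in" heuristic are all assumptions made for the example; the sample values are constructed placeholders.

```python
"""Offline audit helpers for the exposure classes named in the advisory.

Assumptions (not from the advisory): headers is a plain dict of HTTP response
headers; cert is a dict with 'subject', 'issuer' and 'san' strings as an
ssl.getpeercert()-style result would be flattened into; a self-signed
certificate (issuer == subject) is treated as the factory built-in one.
"""
import ipaddress
import re
from typing import Dict, List

# A product/version token such as "name/1.2.3" inside a Server header (assumption).
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)*")
# Dotted-quad candidates to test for private (RFC 1918) ranges.
IPV4_CANDIDATE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def server_header_discloses(headers: Dict[str, str]) -> bool:
    """True when a Server header is present and names a product or version."""
    value = next((v for k, v in headers.items() if k.lower() == "server"), "")
    if not value:
        return False
    return bool(VERSION_TOKEN.search(value)) or "forti" in value.lower()


def cert_is_builtin(cert: Dict[str, str]) -> bool:
    """Heuristic: a self-signed portal certificate is the built-in one."""
    subject = cert.get("subject", "").strip()
    issuer = cert.get("issuer", "").strip()
    return bool(subject) and subject == issuer


def private_ips_in(text: str) -> List[str]:
    """Return RFC 1918 / private IPv4 addresses found in a subject or SAN string."""
    found = []
    for candidate in IPV4_CANDIDATE.findall(text):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            continue
        if addr.is_private:
            found.append(candidate)
    return found


def audit(headers: Dict[str, str], cert: Dict[str, str]) -> List[str]:
    """Collect human-readable findings for the header and certificate checks."""
    findings = []
    if server_header_discloses(headers):
        findings.append("Server header discloses product/version")
    if cert_is_builtin(cert):
        findings.append("Admin portal uses a self-signed (likely built-in) certificate")
    leaked = private_ips_in(cert.get("subject", "") + " " + cert.get("san", ""))
    if leaked:
        findings.append("Certificate exposes internal address(es): " + ", ".join(leaked))
    return findings


# Constructed sample data for the example; these are placeholders, not real values.
SAMPLE_HEADERS = {"Server": "ExampleFirewall/5.6.0", "Content-Type": "text/html"}
SAMPLE_CERT = {
    "subject": "CN=FW-SERIAL-PLACEHOLDER",
    "issuer": "CN=FW-SERIAL-PLACEHOLDER",
    "san": "DNS:fw.example.internal, IP Address:192.168.1.99",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS, SAMPLE_CERT):
        print("FINDING:", finding)
```

Run it against a captured response from your own portal (for example the headers and certificate saved from a local browser session) after applying the upgrade or the third-party certificate; an empty findings list is the expected result once the solutions above are in place.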