Fortinet FortiOS Sensitive Information Exposure Vulnerability in SSL VPN Events Log

Vulnerability

A vulnerability allowing the exposure of sensitive information to unauthorized actors has been identified in Fortinet FortiOS versions 6.2.4 and prior, as well as 6.0.10 and prior. This vulnerability may enable remote authenticated actors to access the SSL VPN events log entries of users in different VDOMs by executing 'get vpn ssl monitor' from the CLI. The exposed data includes usernames, user groups, and IP addresses.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user information, including usernames, user groups, and IP addresses, from the SSL VPN events log of other VDOMs.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 2.5
exploitability: 4.9
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.