Fortinet Products Exposure of Sensitive Information Vulnerability Allowing Unauthorized Access to Software Version Details

Vulnerability

A vulnerability allowing the exposure of sensitive system information to an unauthorized control sphere has been identified in multiple Fortinet products. This issue affects FortiDDoS versions 5.4.0, 5.3.2 and below, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0, 4.5.0, 4.4.2 and below, as well as FortiDDoS-CM versions 5.3.0, 5.2.0, 5.1.0, 5.0.0, and 4.7.0. Additionally, FortiVoice versions 6.0.6 and below, FortiRecorder versions 6.0.3 and below, and FortiMail versions 6.4.1 and below, 6.2.4 and below, and 6.0.9 and below are also affected. The vulnerability allows remote, unauthenticated attackers to obtain potentially sensitive software version information by reading a JavaScript file.

Impact

Exploitation of this vulnerability discloses sensitive software version information to unauthorized parties, who could use it to identify potential vulnerabilities or weaknesses in the system.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 7.6
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.