Fortinet FortiOS Exposure of Sensitive Information Vulnerability Allowing SSL-VPN Symlink Persistence Patch Bypass

A vulnerability allowing the exposure of sensitive information to an unauthorized actor has been identified in Fortinet FortiOS versions 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, and 6.4 all versions. This vulnerability may enable a remote unauthenticated attacker to bypass a patch related to the symbolic link persistence mechanism, which has been observed in some post-exploitation scenarios, by sending crafted HTTP requests. Exploitation of this vulnerability requires prior compromise of the product through another vulnerability at the filesystem level.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, allowing attackers to bypass security patches and potentially exploit vulnerable FortiGate devices at the filesystem level.

Remediation

Users can upgrade to Fortinet FortiOS 7.6.2 or 7.4.7, depending on their current version. For FortiOS 7.2, 7.0, and 6.4, users should migrate to a fixed release. Fortinet provides an upgrade tool to assist with this process.