An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 25 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2024-10-25T14:33:09.500Z

Reserved: 2017-04-12T00:00:00

Link: CVE-2017-7738

cve-icon Vulnrichment

Updated: 2024-08-05T16:12:28.411Z

cve-icon NVD

Status : Deferred

Published: 2017-12-13T22:29:00.283

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-7738

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.