PSIRT Advisory

FortiOS IKE VendorID version information disclosure

Summary

The FortiOS IKE packets which include the Vendor ID embed the FortiOS build version number.

Impact

Information Disclosure

Affected Products

FortiOS 5.0.0 to 5.4.4 and 5.6.0 versions.

Solutions

Upgrade to FortiOS version 5.2.12, 5.4.5 or 5.6.1

Acknowledgement

Fortinet is pleased to thank independent researcher Alexis La Goutte for reporting this vulnerability under responsible disclosure.