vulnerability

Fortinet FortiOS: Information Exposure (CVE-2017-7738)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Dec 13, 2017	Feb 20, 2018	Aug 11, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Dec 13, 2017

Added

Feb 20, 2018

Modified

Aug 11, 2025

Description

An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.

Solution

fortios-upgrade-latest

References

CVE-2017-7738
https://attackerkb.com/topics/CVE-2017-7738
CWE-200
URL-http://www.securityfocus.com/bid/102151
URL-https://fortiguard.com/advisory/FG-IR-17-172

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today