admiralsulu
New Member
July 30, 2019
Question

FortiOS system file leak - upgrade or turn off ssl vpn?


I just read about the SSL VPN system file leak that applies to FortiOS 5.6.3 to 5.6.7 and 6.0 to 6.0.4.

Most of my devices are still on 5.6.6 or 5.6.7.

So the only two options are to upgrade or disable SSL VPN?

I have several users on SSL VPN and have a hard time upgrading during weekdays. Are these still the only two workarounds?

And what does it mean that it allows an unauthenticated person to "download FortiOS system files"? Does it mean the config file?

    1 reply

    admiralsulu
    New Member
    July 30, 2019

    99% of our SSL VPN users have access via LDAP or Active Directory; the 3 people who have local SSL VPN accounts are limited to access to only one server.

    So in this instance, the risk is that someone could change the password for one of those 3 people who have local SSL VPN accounts, and then would have access to that one server?

    Users who have SSL VPN rights via LDAP \ Active Directory are not affected, correct?