
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN017
_____________________________________________________________________

DATE                : 12/01/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running FortiGate versions prior to 6.0.11,
                      6.2.5, 6.4.2.

=====================================================================
https://www.fortiguard.com/psirt/FG-IR-20-103
_____________________________________________________________________

IR Number        FG-IR-20-103
Date             Jan 04, 2021
Risk
CVSSv3 Score     4.9
Impact           Information disclosure
CVE ID           CVE-2020-29010


FortiGate SSL VPN logs may display events of users in a different VDOM.


Summary

An exposure of sensitive information to an unauthorized actor
vulnerability in FortiGate may allow a remote authenticated attacker to
read the SSL VPN events log entries of users in other VDOMs by
executing "get vpn ssl monitor" from the CLI. The sensitive data
includes usernames, user groups, and IP addresses.


Impact

Information disclosure


Affected Products

FortiGate versions 6.0.10 and below.
FortiGate versions 6.2.4 and below.
FortiGate versions 6.4.1 and below.


Solutions

Please upgrade to FortiGate version 6.0.11 or above.
Please upgrade to FortiGate version 6.2.5 or above.
Please upgrade to FortiGate version 6.4.2 or above.
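
Added example (not part of the Fortinet or CERT-Renater text): a small inventory triage against the fixed releases listed above. It compares version components numerically, because a plain string comparison would sort 6.0.10 before 6.0.9. The host names, the sample version strings and the "not-listed" label are assumptions made for illustration.

```python
import re

# Fixed patch level per branch, taken from the "Solutions" section above.
FIXED = {(6, 0): 11, (6, 2): 5, (6, 4): 2}

# Tolerates an optional leading "v" and any trailing text after the patch number.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) as integers from a version string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def status(version_text):
    """Classify one version against FG-IR-20-103.

    'affected'   : listed branch, below the fixed release
    'fixed'      : listed branch, at or above the fixed release
    'not-listed' : branch not named in this advisory; consult the vendor notice
    """
    major, minor, patch = parse_version(version_text)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "not-listed"
    return "affected" if patch < fixed_patch else "fixed"


def triage(inventory):
    """Map each host in {host: version_string} to its status."""
    return {host: status(version) for host, version in inventory.items()}


# Constructed inventory for illustration only.
SAMPLE = {
    "fw-edge-01": "6.0.10",
    "fw-edge-02": "6.0.11",
    "fw-dc-01": "v6.2.4,build0000",
    "fw-dc-02": "6.4.2",
    "fw-lab-01": "7.0.0",
}

if __name__ == "__main__":
    for host, result in sorted(triage(SAMPLE).items()):
        print(f"{host:12} {SAMPLE[host]:18} {result}")
```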


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


