No. | Title | CVE ID | Severity | Model |
21 | [FG-IR-20-105] Unauthenticated users can view software version information. | CVE-2020-15933 CVE-2021-24008 | Medium | FortiMail/FortiDDoS/FortiVoice/FortiRecorder |
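An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiMail may allow a remote, unauthenticated attacker to obtain potentially sensitive software version information by reading a JavaScript file.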
Affected Products
FortiMail versions 6.0.9 and below.
FortiMail versions 6.2.4 and below.
FortiMail versions 6.4.1 and below.
FortiDDoS version 5.4.0.
FortiDDoS version 5.3.2 and below.
FortiDDoS version 5.2.0.
FortiDDoS version 5.1.0.
FortiDDoS version 5.0.0.
FortiDDoS version 4.7.0.
FortiDDoS version 4.6.0.
FortiDDoS version 4.5.0.
FortiDDoS version 4.4.2 and below.
FortiDDoS-CM version 5.3.0.
FortiDDoS-CM version 5.2.0.
FortiDDoS-CM version 5.1.0.
FortiDDoS-CM version 5.0.0.
FortiDDoS-CM version 4.7.0.
FortiVoice version 6.0.6 and below.
FortiRecorder version 6.0.3 and below.
Solutions
Please upgrade to FortiMail versions 6.0.10 or above.
Please upgrade to FortiMail versions 6.2.5 or above.
Please upgrade to FortiMail versions 6.4.2 or above.
Please upgrade to FortiDDoS versions 5.5.0 or above.
Please upgrade to FortiDDoS versions 5.4.3 or above.
Please upgrade to FortiDDoS-CM versions 5.4.1 or above.
Please upgrade to FortiVoice versions 6.4.0 or above.
Please upgrade to FortiVoice versions 6.0.7 or above.
Please upgrade to FortiRecorder versions 6.0.4 or above.