Fortinet FortiOS could allow a remote authenticated attacker to obtain sensitive information, caused by improper input validation. By sending specially-crafted SNI Client Hello TLS packets, an attacker could exploit this vulnerability to obtain sensitive information
Fortinet FortiAnalyzer and Fortinet FortiManager could allow a remote authenticated attacker to bypass security restrictions, caused by improper handling of insufficient permissions or privileges. An attacker could exploit this vulnerability to bypass the device policy and force the password-change action for its user.
Refer to FortiGuard Advisory for the patch, upgrade or suggested workaround information.