A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions may allow an authenticated remote attacker to return a portion of device memory in the redirect response via submitting a specially crafted request.
Upgrade to FortiOS version 7.6.4 or above
Upgrade to FortiOS version 7.4.9 or above
Fortinet remediated this issue in FortiSASE version 25.4.b and hence customers do not need to perform any action.
Upgrade to FortiProxy version 7.6.6 or above
Upgrade to FortiProxy version 7.4.14 or above