FortiOS & FortiProxy - Heap buffer overflow in sslvpn pre-authentication
Summary
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specially crafted requests.
Workaround:
Disable SSL-VPN.
Affected Products
At least
FortiOS-6K7K version 7.0.10
FortiOS-6K7K version 7.0.5
FortiOS-6K7K version 6.4.12
FortiOS-6K7K version 6.4.10
FortiOS-6K7K version 6.4.8
FortiOS-6K7K version 6.4.6
FortiOS-6K7K version 6.4.2
FortiOS-6K7K version 6.2.9 through 6.2.13
FortiOS-6K7K version 6.2.6 through 6.2.7
FortiOS-6K7K version 6.2.4
FortiOS-6K7K version 6.0.12 through 6.0.16
FortiOS-6K7K version 6.0.10
At least
FortiProxy version 7.2.0 through 7.2.3
FortiProxy version 7.0.0 through 7.0.9
FortiProxy version 2.0.0 through 2.0.12
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
At least
FortiOS version 7.2.0 through 7.2.4
FortiOS version 7.0.0 through 7.0.11
FortiOS version 6.4.0 through 6.4.12
FortiOS version 6.2.0 through 6.2.13
FortiOS version 6.0.0 through 6.0.16
Solutions
Please upgrade to FortiOS-6K7K version 7.0.12 or above
Please upgrade to FortiOS-6K7K version 6.4.13 or above
Please upgrade to FortiOS-6K7K version 6.2.15 or above
Please upgrade to FortiOS-6K7K version 6.0.17 or above
Please upgrade to FortiProxy version 7.2.4 or above
Please upgrade to FortiProxy version 7.0.10 or above
Please upgrade to FortiOS version 7.4.0 or above
Please upgrade to FortiOS version 7.2.5 or above
Please upgrade to FortiOS version 7.0.12 or above
Please upgrade to FortiOS version 6.4.13 or above
Please upgrade to FortiOS version 6.2.14 or above
Please upgrade to FortiOS version 6.0.17 or above