Jump to content
  • SeedTheNet
  • FortiOS & FortiProxy - Heap buffer overflow in sslvpn pre-authentication


    SeedTheNet

    FortiOS & FortiProxy - Heap buffer overflow in sslvpn pre-authentication

    Summary

    A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
     

    Workaround:

    Disable SSL-VPN.

    Affected Products

    At least
    FortiOS-6K7K version 7.0.10
    FortiOS-6K7K version 7.0.5
    FortiOS-6K7K version 6.4.12
    FortiOS-6K7K version 6.4.10
    FortiOS-6K7K version 6.4.8
    FortiOS-6K7K version 6.4.6
    FortiOS-6K7K version 6.4.2
    FortiOS-6K7K version 6.2.9 through 6.2.13
    FortiOS-6K7K version 6.2.6 through 6.2.7
    FortiOS-6K7K version 6.2.4
    FortiOS-6K7K version 6.0.12 through 6.0.16
    FortiOS-6K7K version 6.0.10
    At least
    FortiProxy version 7.2.0 through 7.2.3
    FortiProxy version 7.0.0 through 7.0.9
    FortiProxy version 2.0.0 through 2.0.12
    FortiProxy 1.2 all versions
    FortiProxy 1.1 all versions
    At least
    FortiOS version 7.2.0 through 7.2.4
    FortiOS version 7.0.0 through 7.0.11
    FortiOS version 6.4.0 through 6.4.12
    FortiOS version 6.2.0 through 6.2.13
    FortiOS version 6.0.0 through 6.0.16

    Solutions

    Please upgrade to FortiOS-6K7K version 7.0.12 or above
    Please upgrade to FortiOS-6K7K version 6.4.13 or above
    Please upgrade to FortiOS-6K7K version 6.2.15 or above
    Please upgrade to FortiOS-6K7K version 6.0.17 or above
    Please upgrade to FortiProxy version 7.2.4 or above
    Please upgrade to FortiProxy version 7.0.10 or above
    Please upgrade to FortiOS version 7.4.0 or above
    Please upgrade to FortiOS version 7.2.5 or above
    Please upgrade to FortiOS version 7.0.12 or above
    Please upgrade to FortiOS version 6.4.13 or above
    Please upgrade to FortiOS version 6.2.14 or above
    Please upgrade to FortiOS version 6.0.17 or above

    Acknowledgement

    Fortinet is pleased to thank Charles Fol and Dany Bach from LEXFO for bringing this issue to our attention under responsible disclosure.

    Timeline

    2023-06-12: Initial publication

    https://www.fortiguard.com/psirt/FG-IR-23-097


    User Feedback

    Recommended Comments

    There are no comments to display.



    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

×
×
  • Create New...