    SeedTheNet

    FortiOS & FortiProxy - Out-of-bound-write in sslvpnd

    Summary

    An out-of-bounds write vulnerability [CWE-787] in sslvpnd of FortiOS and FortiProxy may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted requests.

    Affected Products

    FortiOS version 7.2.0 through 7.2.3
    FortiOS version 7.0.0 through 7.0.10
    FortiOS version 6.4.0 through 6.4.11
    FortiOS version 6.2.0 through 6.2.13
    FortiOS version 6.0.0 through 6.0.16
    FortiProxy version 7.2.0 through 7.2.1
    FortiProxy version 7.0.0 through 7.0.7
    FortiProxy 2.0 all versions
    FortiProxy 1.2 all versions
    FortiProxy 1.1 all versions
    FortiProxy 1.0 all versions

    Solutions

    Please upgrade to FortiOS version 7.4.0 or above
    Please upgrade to FortiOS version 7.2.4 or above
    Please upgrade to FortiOS version 7.0.11 or above
    Please upgrade to FortiOS version 6.4.12 or above
    Please upgrade to FortiOS version 6.2.14 or above
    Please upgrade to upcoming FortiOS version 6.0.17 or above
    Please upgrade to FortiProxy version 7.2.2 or above
    Please upgrade to FortiProxy version 7.0.8 or above
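    The affected ranges and fixed builds above are easy to misread when a fleet spans several branches. The following added example (not part of the Fortinet advisory or any Fortinet tool) encodes the advisory's table and triages an installed build against it; the function names, the branch grouping, and the handling of "v7.0.10,build0542"-style strings are this example's own choices.

```python
# Added example, not part of the Fortinet advisory: triage a FortiOS or
# FortiProxy build against the affected ranges and fixed versions listed above.
# Function names and the release-branch grouping are this example's own choices.

# (product, first affected, last affected, first fixed)
# last == None means "all versions" of that branch are affected and the
# advisory lists no fixed build for it.
ADVISORY = [
    ("FortiOS",    (7, 2, 0), (7, 2, 3),  (7, 2, 4)),
    ("FortiOS",    (7, 0, 0), (7, 0, 10), (7, 0, 11)),
    ("FortiOS",    (6, 4, 0), (6, 4, 11), (6, 4, 12)),
    ("FortiOS",    (6, 2, 0), (6, 2, 13), (6, 2, 14)),
    ("FortiOS",    (6, 0, 0), (6, 0, 16), (6, 0, 17)),
    ("FortiProxy", (7, 2, 0), (7, 2, 1),  (7, 2, 2)),
    ("FortiProxy", (7, 0, 0), (7, 0, 7),  (7, 0, 8)),
    ("FortiProxy", (2, 0, 0), None, None),
    ("FortiProxy", (1, 2, 0), None, None),
    ("FortiProxy", (1, 1, 0), None, None),
    ("FortiProxy", (1, 0, 0), None, None),
]


def parse_version(text):
    """Turn '7.2.3', 'v7.2.3' or 'v7.0.10,build0542,230126 (GA)' into a tuple.

    Only the dotted major.minor.patch core is compared; build and date suffixes
    (assumed format, as printed by `get system status`) are dropped.
    """
    core = text.strip().lstrip("vV").split(",")[0].split("-")[0]
    parts = core.split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    while len(parts) < 3:
        parts.append("0")  # treat '6.0' as 6.0.0
    return tuple(int(p) for p in parts[:3])


def _dotted(v):
    return ".".join(str(x) for x in v)


def assess(product, version):
    """Return (status, detail); status is 'affected', 'fixed' or 'not-listed'."""
    v = parse_version(version)
    for prod, first, last, fixed in ADVISORY:
        if prod != product or v[:2] != first[:2]:
            continue  # other product, or other release branch (major.minor)
        if last is None:
            return ("affected",
                    f"all {product} {first[0]}.{first[1]} releases are affected; "
                    f"the advisory lists no fixed build for this branch")
        if first <= v <= last:
            return ("affected",
                    f"upgrade to {product} {_dotted(fixed)} or above")
        if v >= fixed:
            return ("fixed",
                    f"{product} {_dotted(v)} is at or above {_dotted(fixed)}")
    return ("not-listed",
            f"{product} {_dotted(v)} is not in a branch named by this advisory")


if __name__ == "__main__":
    # Constructed inventory, not real devices.
    for prod, ver in [("FortiOS", "v7.0.10,build0542,230126 (GA)"),
                      ("FortiOS", "7.2.4"), ("FortiProxy", "2.0.12"),
                      ("FortiOS", "7.4.1")]:
        status, detail = assess(prod, ver)
        print(f"{prod:10} {ver:32} {status:10} {detail}")
```

    A build in a branch the advisory does not name (for example 7.4.x, which the Solutions list gives only as an upgrade target) is reported as "not-listed" rather than "fixed", so the script never vouches for something the advisory does not state.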


    Workaround:

    Disable "Host Check", "Restrict to Specific OS Versions" and "MAC address host checking" in the sslvpn portal configuration. For example, for the "full-access" sslvpn portal:

    config vpn ssl web portal
        edit "full-access"
            set os-check disable
            set host-check none
            set mac-addr-check disable
        next
    end
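    Applying the workaround by hand to one portal does not tell you whether the other portals on the box are clean. The added example below (this page's own, not a Fortinet tool) parses `show vpn ssl web portal` output, flags every portal whose three settings differ from the workaround values, and prints the advisory's CLI lines for each. The sample output is constructed, not captured from a device, and the parser assumes that `show` omits settings left at their defaults and that those defaults equal the workaround values (os-check disable, host-check none, mac-addr-check disable); verify both on your build, or feed it `show full-configuration` output instead.

```python
import re

# Added example, not part of the Fortinet advisory: audit `show vpn ssl web
# portal` output for portals that still have the three settings the workaround
# tells you to disable, and emit the advisory's CLI lines for each one.
# Constructed sample, not real device output.
SAMPLE_SHOW = """\
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set web-mode enable
        set os-check enable
        set host-check av
        set mac-addr-check enable
    next
    edit "web-access"
        set web-mode enable
    next
end
"""

# setting -> value required by the advisory's workaround
WORKAROUND = {
    "os-check": "disable",
    "host-check": "none",
    "mac-addr-check": "disable",
}


def parse_portals(show_output):
    """Map portal name -> {setting: value} from `show vpn ssl web portal` text."""
    portals = {}
    current = None
    for raw in show_output.splitlines():
        line = raw.strip()
        m = re.match(r'^edit "([^"]*)"$', line)
        if m:
            current = m.group(1)
            # Assumption: settings absent from `show` are at their defaults,
            # and those defaults are the workaround values.
            portals[current] = dict(WORKAROUND)
            continue
        if line in ("next", "end"):
            current = None
            continue
        m = re.match(r"^set (\S+) (.+)$", line)
        if m and current is not None:
            portals[current][m.group(1)] = m.group(2)
    return portals


def noncompliant(portals):
    """Portals whose settings differ from the workaround, with the offending values."""
    result = {}
    for name, settings in portals.items():
        bad = {k: settings.get(k) for k, want in WORKAROUND.items()
               if settings.get(k) != want}
        if bad:
            result[name] = bad
    return result


def remediation_cli(portal_name):
    """The advisory's workaround as CLI lines for one portal."""
    return "\n".join([
        "config vpn ssl web portal",
        f'    edit "{portal_name}"',
        "        set os-check disable",
        "        set host-check none",
        "        set mac-addr-check disable",
        "    next",
        "end",
    ])


if __name__ == "__main__":
    for name, bad in noncompliant(parse_portals(SAMPLE_SHOW)).items():
        print(f"portal {name!r} still has: {bad}")
        print(remediation_cli(name))
```

    Running it on the constructed sample flags only "full-access"; "web-access" carries none of the three settings and so is treated as already matching the workaround. A portal that the parser reports as compliant only because its lines are missing from `show` is exactly the case the default-value assumption covers, which is why checking against `show full-configuration` is the safer input.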

    Acknowledgement

    Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team in the frame of an internal audit of the SSL-VPN component.

    Timeline

    2023-04-13: Initial publication
    2023-05-15: Added the new fixed version 6.0.17 for FortiOS
