FortiOS.Captive.Portal.Out.Of.Bounds.Write
Description
This indicates an attack attempt to exploit a Buffer Overflow vulnerability in FortiOS and FortiProxy.
The vulnerability is due to missing validation of the payload length on the vulnerable endpoint. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted request.
Affected Products
FortiOS version 7.4.0 through 7.4.1
FortiOS version 7.2.0 through 7.2.5
FortiOS version 7.0.0 through 7.0.12
FortiOS version 6.4.0 through 6.4.14
FortiOS version 6.2.0 through 6.2.15
FortiProxy version 7.4.0
FortiProxy version 7.2.0 through 7.2.6
FortiProxy version 7.0.0 through 7.0.12
FortiProxy version 2.0.0 through 2.0.13
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor or follow the workaround provided by the vendor.
https://www.fortiguard.com/psirt/FG-IR-23-328
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |