Format String Vulnerability in SSH username
There is a format string vulnerability in the SSH username handling when connecting to FortiOS 5.6.0, that may lead to memory corruption.
Affected ProductsFortiOS 5.6.0
The following Fortinet products are NOT affected:
5.4 branch: not vulnerable
5.2 branch: not vulnerable
Upgrade to FortiOS 5.6.1 or above.
Workaround: Configure the trusthost feature to only allow trusted administrators to use SSH and deny others.
Fortinet thanks Simone Cardona for reporting this vulnerability.