Buffer overflow vulnerability in FortiProxy SSL VPN through a crafted POST request
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-20-232
Final
1
1
2021-02-03T00:00:00
Current version
2021-02-03T00:00:00
2021-02-03T00:00:00
A buffer overflow vulnerability in the SSL VPN portal of FortiProxy may allow an unauthenticated, remote attacker to perform a Denial of Service attack by sending a specially crafted POST request with a large msg value.
denial of service
FortiProxy versions 2.0.0.
FortiProxy versions 1.2.8 and below.
FortiProxy versions 1.1, all versions.
FortiProxy versions 1.0, all versions.
Please upgrade to FortiProxy versions 1.2.9 and above. Please upgrade to FortiProxy versions 2.0.1 and above.
Fortinet is pleased to thank Meh Chang and Orange Tsai from DEVCORE Security Research Team for reporting this vulnerability under responsible disclosure.
FortiProxy 2.0.0
FortiProxy 1.2.8
FortiProxy 1.2.7
FortiProxy 1.2.6
FortiProxy 1.2.5
FortiProxy 1.2.4
FortiProxy 1.2.3
FortiProxy 1.2.2
FortiProxy 1.2.1
FortiProxy 1.2.0
FortiProxy 1.1.6
CVE-2018-13381
5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-20-232