Stack-based buffer overflow in SSL VPN daemon
Under non-default configuration, a stack-based buffer overflow in FortiGate may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter.
Denial of Service
FortiOS versions 5.6.12 and below. FortiOS versions 6.0.10 and below.
SolutionsPlease upgrade to FortiOS versions 5.6.13 or above.
Fortinet is pleased to thank Communications Security Establishment Canada (CSEC) for reporting this vulnerability under responsible disclosure.