At a glance:
| IR Number | FG-IR-20-232 |
| Date | Feb 01, 2021 |
| Risk | 
|
| CVSSv3 Score | 5.2 |
| Impact | denial of service |
| CVE ID | CVE-2018-13381 |
| CVRF | Download |
Refine Search
PSIRT Advisory
Buffer overflow vulnerability in FortiProxy SSL VPN through a crafted POST request
Summary
A buffer overflow vulnerability in the SSL VPN portal of FortiProxy may allow an unauthenticated, remote attacker to perform a Denial of Service attack by sending a specifically crafted POST request with a large msg value.
Impact
denial of service
Affected Products
FortiProxy versions 2.0.0 FortiProxy versions 1.2.8 and below. FortiProxy versions 1.1.6 and below. FortiProxy versions 1.0.7 and below.
Solutions
Please upgrade to FortiProxy versions 1.2.9 and above. Please upgrade to FortiProxy versions 2.0.1 and above.
Acknowledgement
Fortinet is pleased to thank Meh Chang and Orange Tsai from DEVCORE Security Research Team for reporting this vulnerability under responsible disclosure.