FortiOS.SSL-VPN.Heap.Buffer.Overflow

Description

This indicates an attack attempt to exploit a heap-based buffer overflow vulnerability in FortiOS.
The vulnerability is due to an error in sslvpnd when handling requests, which may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Affected Products

FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS version 6.0.0 through 6.0.15
FortiOS version 5.6.0 through 5.6.14
FortiOS version 5.4.0 through 5.4.13
FortiOS version 5.2.0 through 5.2.15
FortiOS version 5.0.0 through 5.0.14
FortiOS-6K7K version 7.0.0 through 7.0.7
FortiOS-6K7K version 6.4.0 through 6.4.9
FortiOS-6K7K version 6.2.0 through 6.2.11
FortiOS-6K7K version 6.0.0 through 6.0.14

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.fortiguard.com/psirt/FG-IR-22-398

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date        Version  Status    Detail
2023-12-20  26.700   Modified  Sig Added
2022-12-14  22.457   Modified  Name:FG-VD-52258.0day:FortiOS.SSL-VPN.Heap.Buffer.Overflow
2022-12-14  22.457   Modified  Default_action:pass:drop
2022-11-14  22.439   Modified  Sig Added
2022-11-03  22.430   New