FSSO stack-based buffer overflow
Description
Prior to build 237, the Windows version of FSSO can be exploited remotely, without authentication, over TCP port 8000 to run arbitrary code.
Impact Detail
A remote attacker may be able to execute arbitrary code in the context of the FSSO collectoragent.exe process.
Affected Products
FSSO
Solutions
Upgrade to FSSO build 237 or above.
The 32-bit and 64-bit installers, named FSSO_Setup_5.0.0237.exe and FSSO_Setup_5.0.0237_x64.exe respectively, are available in the /FortiGate/v5.00/5.2/5.2.3/FSSO/ directory on the support download website.
FSSO build 237 is compatible with all FortiOS versions.