| IR Number | FG-IR-18-387 |
| Date | May 17, 2019 |
| Severity |
Medium |
| Impact | Denial-of-Service Attack (DoS) |
| CVE ID | CVE-2018-13381 |
| Affected Products |
FortiOS
:
6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.14, 5.2.13, 5.2.12, 5.2.11, 5.2.10, 5.2.1, 5.2.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiOS SSL VPN buffer overrun through POST message payload
Summary
Failure to properly parse message payloads in the SSL VPN portal of FortiOS may allow a non-authenticated attacker to perform a Denial of Service attack via exploiting a buffer overflow.
Affected Products
FortiOS 6.0.0 to 6.0.4
FortiOS 5.6.0 to 5.6.7
FortiOS 5.4 and below
Solutions
Upgrade to FortiOS 5.6.8, 6.0.5 or 6.2.0
Workarounds:
Disable the SSL-VPN web portal service by applying the following CLI commands:
For FortiOS 5.0 and below branches:
config vpn ssl settings
set sslvpn-enable disable
end
For FortiOS 5.2 and above branches:
config vpn ssl settings
unset source-interface
end
Acknowledgement
Fortinet is pleased to thank Meh Chang and Orange Tsai from DEVCORE Security Research Team for reporting this vulnerability under responsible disclosure.