PSIRT Advisories

FortiOS SSL VPN buffer overrun through POST message payload


Failure to properly parse message payloads in the SSL VPN portal of FortiOS may allow a non-authenticated attacker to perform a Denial of Service attack by exploiting a buffer overflow.

Affected Products

FortiOS 6.0.0 to 6.0.4

FortiOS 5.6.0 to 5.6.7

FortiOS 5.4 and below

Solutions

Upgrade to FortiOS 5.6.8, 6.0.5 or 6.2.0

Workaround

Disable the SSL-VPN web portal service by applying the following CLI commands:

For FortiOS 5.0 and below branches:

config vpn ssl settings
    set sslvpn-enable disable
end

For FortiOS 5.2 and above branches:

config vpn ssl settings
    unset source-interface
end
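The following triage helper is an added example and is not Fortinet's code: given a FortiOS version string and the text of `show vpn ssl settings`, it reports whether the device falls in the affected ranges listed above and whether the documented workaround (sslvpn-enable disabled on 5.0 and below, no source-interface on 5.2 and above) appears to be applied. The output format of `show vpn ssl settings` and the sample settings block are assumptions.

```python
import re

# Affected ranges from the advisory: (min_inclusive, max_inclusive).
AFFECTED = [((6, 0, 0), (6, 0, 4)), ((5, 6, 0), (5, 6, 7))]
# "FortiOS 5.4 and below": any version whose major.minor is <= 5.4.
FIXED_HINT = "5.6.8, 6.0.5 or 6.2.0"


def parse_version(s):
    """Turn 'v6.0.4' or '6.0.4 build0231' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^v?(\d+)\.(\d+)(?:\.(\d+))?", s.strip())
    if not m:
        raise ValueError(f"unrecognised FortiOS version: {s!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version):
    v = parse_version(version)
    if v[:2] <= (5, 4):
        return True
    return any(lo <= v <= hi for lo, hi in AFFECTED)


def workaround_applied(version, settings_output):
    """True if the SSL-VPN web portal looks disabled per the advisory's workaround.
    Assumes `show vpn ssl settings` prints 'set <key> <value>' lines (an assumption)."""
    v = parse_version(version)
    if v[:2] <= (5, 0):
        return re.search(r"^\s*set sslvpn-enable disable\s*$", settings_output, re.M) is not None
    m = re.search(r"^\s*set source-interface\s+(.*)$", settings_output, re.M)
    # 'unset source-interface' leaves the line absent or with an empty value.
    return m is None or m.group(1).strip() in ("", '""')


def triage(version, settings_output):
    if not is_affected(version):
        return "not affected"
    if workaround_applied(version, settings_output):
        return f"affected; workaround applied, still upgrade to {FIXED_HINT}"
    return f"affected; upgrade to {FIXED_HINT} or apply the workaround"


# Constructed sample of `show vpn ssl settings` output (not captured from a real device).
SAMPLE_SETTINGS = """config vpn ssl settings
    set servercert "Fortinet_Factory"
    set source-interface "port1"
end
"""

if __name__ == "__main__":
    print(triage("v6.0.4", SAMPLE_SETTINGS))
```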


Fortinet is pleased to thank Meh Chang and Orange Tsai from DEVCORE Security Research Team for reporting this vulnerability under responsible disclosure.