| IR Number | FG-IR-20-083 |
| Date | Sep 24, 2020 |
| Severity |
Medium |
| CVSSv3 Score | 5.4 |
| Impact | Denial of Service |
| CVE ID | CVE-2020-12820 |
| Affected Products |
FortiOS
:
6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.12, 5.6.11, 5.6.10, 5.6.1, 5.6.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
Stack-based buffer overflow in SSL VPN daemon
Summary
Under non-default configuration, a stack-based buffer overflow in FortiGate may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter.Affected Products
FortiOS versions 5.6.12 and below. FortiOS versions 6.0.10 and below.Solutions
Please upgrade to FortiOS versions 5.6.13 or above.ÂPlease upgrade to FortiOS versions 6.0.11 or above.Â
FortiOS versions 6.2.0 and above are not impacted.Â
 FortiOS versions 6.4.0 and above are not impacted.
 Workaround:
Please ensure that Fortiheartbeat and Endpoint-Compliance are not both enabled on the same interface.Â
 FortiHeartbeat and Endpoint-Compliance can be disabled on a particular interface by following the below CLI commands:Â
 config system interface
edit interface
set endpoint-compliance disable (<-- Disabled by default)Â
set fortiheartbeat disable
nextÂ
end