Stack-based buffer overflow in SSL VPN daemon
SummaryUnder non-default configuration, a stack-based buffer overflow in FortiGate may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter.
Affected ProductsFortiOS versions 5.6.12 and below. FortiOS versions 6.0.10 and below.
SolutionsPlease upgrade to FortiOS versions 5.6.13 or above.
Please upgrade to FortiOS versions 6.0.11 or above.
FortiOS versions 6.2.0 and above are not impacted.
FortiOS versions 6.4.0 and above are not impacted.
Please ensure that Fortiheartbeat and Endpoint-Compliance are not both enabled on the same interface.
FortiHeartbeat and Endpoint-Compliance can be disabled on a particular interface by following the below CLI commands:
config system interface edit interface set endpoint-compliance disable (<-- Disabled by default)
set fortiheartbeat disable next