FortiOS - Integer overflow in SSLVPN allocator
An integer overflow or wraparound vulnerability [CWE-190] in the FortiOS SSLVPN memory allocator may allow an unauthenticated attacker to corrupt control data on the heap via specially crafted requests to SSLVPN, potentially resulting in arbitrary code execution.
Affected only when SSLVPN is enabled:
FortiOS version 7.0.0 and below.
FortiOS version 6.4.5 and below.
FortiOS version 6.2.9 and below.
FortiOS version 6.0.12 and below.
Upgrade to FortiOS 7.0.1.
Upgrade to FortiOS 6.4.6.
Upgrade to FortiOS 6.2.10.
Upgrade to FortiOS 6.0.13.
For new high-end F-Series Models (FG-180xF, FG-260xF, FG-350xF, FG-420xF, FG-440xF), please upgrade to 6.2.9.
For FG-6000F, FG7000E and FG7000F Series Models, please upgrade to 6.2.9.
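
The affected-version and upgrade lists above can be applied to a device inventory as follows. This is an added example, not Fortinet code: the inventory rows are constructed, the model regex is an assumed reading of the model families named above, and it assumes that 6.2.9 on those models counts as the fixed release.

```python
import re

# Fixed release per branch, from the advisory's upgrade list.
FIXED = {(7, 0): (7, 0, 1), (6, 4): (6, 4, 6), (6, 2): (6, 2, 10), (6, 0): (6, 0, 13)}

# Models the advisory sends to 6.2.9 rather than 6.2.10. The regex is an
# assumed reading of "FG-180xF ... FG-440xF" and the FG-6000F/7000E/7000F series.
MODEL_6_2_9 = re.compile(r"^FG-?((180|260|350|420|440)\dF|6\d{3}F|7\d{3}[EF])$", re.I)


def assess(model, version, sslvpn_enabled):
    """Return (status, upgrade_target) for one device."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return ("unparsed", None)
    ver = tuple(int(x) for x in m.groups())
    fixed = FIXED.get(ver[:2])
    if fixed is None:
        # Branch is not named in the advisory; do not guess either way.
        return ("branch-not-listed", None)
    if ver[:2] == (6, 2) and MODEL_6_2_9.match(model):
        fixed = (6, 2, 9)  # assumption: 6.2.9 is the fixed release on these models
    if ver >= fixed:
        return ("at-or-above-fix", None)
    target = ".".join(map(str, fixed))
    if not sslvpn_enabled:
        # Vulnerable code is present but the advisory's precondition is not met.
        return ("affected-version-sslvpn-off", target)
    return ("affected", target)


# Constructed inventory: (model, reported version, SSLVPN enabled)
INVENTORY = [
    ("FG-60F", "v6.4.5", True),
    ("FG-100F", "v6.2.9", True),
    ("FG-1801F", "v6.2.9", True),
    ("FG-200E", "v7.0.1", False),
]


def report(inventory=INVENTORY):
    return [(mdl, ver) + assess(mdl, ver, ssl) for mdl, ver, ssl in inventory]


if __name__ == "__main__":
    for row in report():
        print(*row, sep="\t")
```

Devices reported as `affected-version-sslvpn-off` still need the upgrade scheduled, since enabling SSLVPN later would expose them.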