PSIRT Advisories
FortiOS - Null pointer dereference in sslvnd
Summary
A NULL pointer dereference vulnerability [CWE-476] in FortiOS may allow a remote unauthenticated attacker to crash the SSL-VPN daemon via specially crafted HTTP requests.
Affected Products
FortiOS version 7.2.0 through 7.2.4
FortiOS version 7.0.0 through 7.0.11
FortiOS version 6.4.0 through 6.4.12
FortiOS version 6.2.0 through 6.2.14
FortiOS version 6.0.0 through 6.0.16
Solutions
Please upgrade to FortiOS version 7.4.0 or above
Please upgrade to FortiOS version 7.2.5 or above
Please upgrade to FortiOS version 7.0.12 or above
Please upgrade to FortiOS version 6.4.13 or above
Please upgrade to FortiOS version 6.2.15 or above
Please upgrade to FortiOS version 6.0.17 or above