FortiOS HTTPD is vulnerable to a Stack-based Buffer Overflow vulnerability
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-19-248
Final
1
1
2020-10-01T00:00:00
Current version
2020-10-01T00:00:00
2020-10-01T00:00:00
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.
None
Crash of the HTTPD service.
FortiOS versions 6.0.10 and below.FortiOS versions 6.2.2 and below.
Please upgrade to FortiGate version 6.0.11 or above. Please upgrade to FortiGate version 6.2.3 or above. Please upgrade to FortiGate version 6.4.0 or above.
Fortinet is pleased to thank Cody Sixteen ( https://code610.blogspot.com/) for reporting this issue under responsible disclosure.
FortiOS 6.2.2
FortiOS 6.0.10
FortiOS HTTPD is vulnerable to a Stack-based Buffer Overflow vulnerability
CVE-2019-17656
FortiOS-6.2.2
FortiOS-6.0.10
5.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-19-248
FortiOS HTTPD is vulnerable to a Stack-based Buffer Overflow vulnerability
Reference>