[FortiOS] stack buffer overflow in the processing of FortiClient filename names requested by SSL VPN clients from the web portal Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-20-083 Final 1 1 2020-09-24T00:00:00 Current version 2020-09-24T00:00:00 2020-09-24T00:00:00 Under non-default configuration, a stack-based buffer overflow in FortiGate may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter. Execute unauthorized code or commands FortiOS versions 5.6.12 and below.FortiOS versions 6.0.10 and below. Please upgrade to FortiOS versions 5.6.13 or above.Please upgrade to FortiOS versions 6.0.11 or above. FortiOS versions 6.2.0 and above are not impacted. FortiOS versions 6.4.0 and above are not impacted. Workaround: Please ensure that Fortiheartbeat and Endpoint-Compliance are not both enabled on the same interface. FortiHeartbeat and Endpoint-Compliance can be disabled on a particular interface by following the below CLI commands:config system interfaceedit interfaceset endpoint-compliance disable (<-- Disabled by default)set fortiheartbeat disablenextend Fortinet is pleased to thank Communications Security Establishment Canada (CSEC) for reporting this vulnerability under responsible disclosure. CVE-2020-12820 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-20-083 [FortiOS] stack buffer overflow in the processing of FortiClient filename names requested by SSL VPN clients from the web portal Reference>