PT-2019-14336 · Fortinet · Fortios

Published 2019-11-08 · Updated 2019-12-16 · CVE-2019-15705

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

FortiOS versions 6.2.1 and below
FortiOS versions 6.0.6 and below

Description

The issue is related to an Improper Input Validation vulnerability in the SSL VPN portal of FortiOS, which may allow an unauthenticated remote attacker to crash the SSL VPN service. This can be achieved by sending a crafted POST request to the vulnerable endpoint.

Recommendations

For FortiOS versions 6.2.1 and below, update to a version above 6.2.1 to resolve the issue. For FortiOS versions 6.0.6 and below, update to a version above 6.0.6 to resolve the issue. As a temporary workaround, consider restricting access to the SSL VPN portal to minimize the risk of exploitation.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2019-15705

Affected Products

Fortios