CVE-2015-1452

Name of the Vulnerable Software and Affected Versions FortiOS version 5.0 Patch 7 build 4457

Description The issue is related to errors in handling input data by the Control and Provisioning of Wireless Access Points (CAPWAP) daemon. It allows remote attackers to cause a denial of service, specifically locking the CAPWAP Access Controller, by sending a large number of ClientHello DTLS messages.

Recommendations For FortiOS version 5.0 Patch 7 build 4457, consider restricting the handling of DTLS messages to prevent the denial of service. As a temporary workaround, limiting the number of ClientHello messages processed by the CAPWAP daemon may help mitigate the risk. However, at the moment, there is no information about a newer version that contains a fix for this vulnerability.