CVE-2020-12819

Name of the Vulnerable Software and Affected Versions FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier

Description A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode is enabled. Arbitrary code execution may be theoretically possible, albeit practically very difficult to achieve in this context.

Recommendations For FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier, consider disabling the tunnel mode or restricting access to the SSL VPN daemon until a patch is available. As a temporary workaround, avoid using large LCP packets in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.