Fortinet FortiOS <= 5.4, 5.6.x < 5.6.8, 6.0.x < 6.0.5 SSL VPN Buffer Overflow (FG-IR-18-387)
Medium Nessus Plugin ID 125886
Synopsis
The remote host is affected by a buffer overflow condition.

Description
The remote host is running a version of FortiOS equal to or earlier than 5.4, 5.6.x prior to 5.6.8, or 6.0.x prior to 6.0.5. It is, therefore, affected by a buffer overflow condition in the SSL-VPN web portal, due to a failure to properly parse message payloads. An unauthenticated attacker can exploit this, via a specially crafted request, to cause a denial of service condition.

Solution
Upgrade Fortinet FortiOS to version 5.6.8, 6.0.5, 6.2.0 or later. Alternatively, apply one of the workarounds outlined in the linked advisory.