Fortinet FortiOS 5.0.x < 5.0.1 Multiple DoS

medium Nessus Plugin ID 85740

Synopsis

The remote host is affected by multiple denial of service vulnerabilities.

Description

The remote host is running a version of Fortinet FortiOS 5.0.x prior to 5.0.1. It is, therefore, affected by multiple denial of service vulnerabilities :

- A flaw exists related to the handling of SSH traffic. An unauthenticated, remote attacker can exploit this to crash the proxyworker service.

- A flaw exists in the WAD daemon that is triggered during the handling of HTTP 0.9 traffic. An unauthenticated, remote attacker can exploit this to crash the daemon.

Solution

Upgrade to Fortinet FortiOS 5.0.1 or later.

See Also

http://www.nessus.org/u?cb3eaed4

Plugin Details

Severity: Medium

ID: 85740

File Name: fortios_proxyworker_wad_daemon_dos.nasl

Version: 1.7

Type: local

Family: Firewalls

Published: 9/2/2015

Updated: 1/2/2019

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:fortinet:fortios

Required KB Items: Host/Fortigate/model, Host/Fortigate/version, Host/Fortigate/build

Patch Publication Date: 4/12/2013

Vulnerability Publication Date: 4/12/2013