Описание
A heap buffer overflow in Fortinet FortiOS all versions below 6.0.5 in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.
A heap buffer overflow in Fortinet FortiOS all versions below 6.0.5 in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-13383
- https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-Fortigate-ssl-vpn
- https://fortiguard.com/advisory/FG-IR-18-388
- https://fortiguard.com/advisory/FG-IR-20-229
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13383
- http://www.securityfocus.com/bid/108539
Связанные уязвимости
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.
Уязвимость SSL VPN веб-портала операционной системы FortiOS, позволяющая нарушителю вызвать отказ в обслуживании