-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3286
          FortiGate - Stack-based buffer overflow in SSL VPN daemon
                             25 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           FortiGate
Publisher:         Fortinet
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-12820

Original Bulletin:
   https://fortiguard.com/psirt/FG-IR-20-083

- --------------------------BEGIN INCLUDED TEXT--------------------

Stack-based buffer overflow in SSL VPN daemon

IR Number : FG-IR-20-083
Date      : Sep 24, 2020
Risk      : 3/5
Impact    : Denial of Service
CVE ID    : CVE-2020-12820

Summary

Under non-default configuration, a stack-based buffer overflow in FortiGate may
allow a remote attacker authenticated to the SSL VPN to crash the FortiClient
NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a
large FortiClient file name. We are not aware of proof of concept code
successfully achieving the latter.

Impact

Denial of Service

Affected Products

FortiOS versions 5.6.12 and below.
FortiOS versions 6.0.10 and below.

Solutions

Please upgrade to FortiOS versions 5.6.13 or above.
Please upgrade to FortiOS versions 6.0.11 or above.
FortiOS versions 6.2.0 and above are not impacted.
FortiOS versions 6.4.0 and above are not impacted.

Workaround:

Please ensure that FortiHeartbeat and Endpoint-Compliance are not both enabled
on the same interface.
FortiHeartbeat and Endpoint-Compliance can be disabled on a particular
interface by following the below CLI commands:

    config system interface
        edit interface
            set endpoint-compliance disable
        next
    end

Acknowledgement

Fortinet is pleased to thank Communications Security Establishment Canada
(CSEC) for reporting this vulnerability under responsible disclosure.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
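As an added example (not Fortinet's or AusCERT's code), the following script checks a FortiOS version string against the affected ranges listed above and scans a FortiOS configuration export for the workaround condition, i.e. interfaces with both FortiHeartbeat and Endpoint-Compliance enabled. It assumes the interface keys are `fortiheartbeat` (assumed) and `endpoint-compliance` (named in the advisory), and the sample configuration is constructed, not taken from a real device.

```python
"""Audit for FG-IR-20-083: version exposure and the FortiHeartbeat /
Endpoint-Compliance workaround condition.  Added example; the key name
`fortiheartbeat` is an assumption, `endpoint-compliance` is from the advisory."""
import re

# Constructed sample of a FortiOS config export (not from a real device).
SAMPLE_CONFIG = """\
config system global
end
config system interface
    edit "port1"
        set ip 192.0.2.1 255.255.255.0
        set fortiheartbeat enable
        set endpoint-compliance enable
    next
    edit "port2"
        set fortiheartbeat enable
    next
    edit "port3"
        set endpoint-compliance enable
    next
end
"""

def affected_version(version):
    """True if a FortiOS version (e.g. '6.0.10') is in an affected range.
    Only the branches the advisory names are evaluated; 6.2+ and 6.4+ are clean."""
    major, minor, patch = (int(x) for x in version.split("."))
    if (major, minor) == (5, 6):
        return patch <= 12   # fixed in 5.6.13
    if (major, minor) == (6, 0):
        return patch <= 10   # fixed in 6.0.11
    return False

def interfaces_with_both(config):
    """Names of interfaces where both features are enabled (workaround violated)."""
    block = re.search(r"^config system interface\n(.*?)^end$", config, re.S | re.M)
    if not block:
        return []
    exposed = []
    for name, body in re.findall(r'edit "([^"]+)"\n(.*?)\n\s*next', block.group(1), re.S):
        settings = dict(re.findall(r"set (\S+) (\S+)", body))
        if settings.get("fortiheartbeat") == "enable" and \
           settings.get("endpoint-compliance") == "enable":
            exposed.append(name)
    return exposed

if __name__ == "__main__":
    print("affected 6.0.10:", affected_version("6.0.10"))
    print("interfaces needing the workaround:", interfaces_with_both(SAMPLE_CONFIG))
```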
Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================