===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3286
         FortiGate - Stack-based buffer overflow in SSL VPN daemon
                             25 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           FortiGate
Publisher:         Fortinet
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-12820  

Original Bulletin: 
   https://fortiguard.com/psirt/FG-IR-20-083

--------------------------BEGIN INCLUDED TEXT--------------------

Stack-based buffer overflow in SSL VPN daemon

IR Number : FG-IR-20-083

Date      : Sep 24, 2020

Risk      : 3/5

Impact    : Denial of Service

CVE ID    : CVE-2020-12820

Summary

Under non-default configuration, a stack-based buffer overflow in FortiGate may
allow a remote attacker authenticated to the SSL VPN to crash the FortiClient
NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a
large FortiClient file name. We are not aware of proof of concept code
successfully achieving the latter.

Impact

Denial of Service

Affected Products

FortiOS versions 5.6.12 and below. FortiOS versions 6.0.10 and below.

Solutions

Please upgrade to FortiOS versions 5.6.13 or above. Please upgrade to FortiOS
versions 6.0.11 or above. FortiOS versions 6.2.0 and above are not impacted.
FortiOS versions 6.4.0 and above are not impacted.

Workaround: Please ensure that FortiHeartbeat and Endpoint-Compliance are not
both enabled on the same interface. FortiHeartbeat and Endpoint-Compliance can
be disabled on a particular interface by following the below CLI commands:

    config system interface
        edit interface
            set endpoint-compliance disable
(
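The workaround above turns on a configuration audit: an interface is exposed only when FortiHeartbeat and Endpoint-Compliance are both enabled on it, and only on the FortiOS versions the advisory lists. The following script is an added example written for this bulletin, not Fortinet's or AusCERT's code; it parses a constructed `config system interface` dump and reports the exposed interfaces and whether a given version falls in the affected ranges. The key name `endpoint-compliance` is quoted in the advisory; `fortiheartbeat` is assumed to be the CLI name of the FortiHeartbeat setting.

```python
import re
from typing import Dict, List

# Constructed sample of FortiOS CLI output; not taken from any real device.
# "endpoint-compliance" is the key named in the advisory; "fortiheartbeat"
# is an assumed key name for the FortiHeartbeat setting.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set ip 192.0.2.1 255.255.255.0
        set fortiheartbeat enable
        set endpoint-compliance enable
    next
    edit "port2"
        set fortiheartbeat enable
        set endpoint-compliance disable
    next
    edit "ssl.root"
        set type tunnel
    next
end
"""

def parse_interfaces(config: str) -> Dict[str, Dict[str, str]]:
    """Return {interface_name: {setting: value}} from a 'config system interface' block."""
    interfaces: Dict[str, Dict[str, str]] = {}
    current = None
    for line in config.splitlines():
        stripped = line.strip()
        m = re.match(r'^edit\s+"?([^"]+)"?$', stripped)
        if m:                          # start of one interface's settings
            current = m.group(1)
            interfaces[current] = {}
            continue
        if stripped in ("next", "end"):  # end of the current interface
            current = None
            continue
        m = re.match(r'^set\s+(\S+)\s+(.+)$', stripped)
        if m and current is not None:
            interfaces[current][m.group(1)] = m.group(2)
    return interfaces

def exposed_interfaces(config: str) -> List[str]:
    """Interfaces with both settings enabled: the combination the workaround tells you to avoid."""
    return [name for name, s in parse_interfaces(config).items()
            if s.get("fortiheartbeat") == "enable" and s.get("endpoint-compliance") == "enable"]

def is_affected_version(version: str) -> bool:
    """True for 5.6.12 and below within 5.6, and 6.0.10 and below within 6.0 (advisory ranges);
    6.2.0+ and 6.4.0+ are not impacted. Branches the advisory does not list return False."""
    major, minor, patch = (int(x) for x in version.split("."))
    if (major, minor) == (5, 6):
        return patch <= 12
    if (major, minor) == (6, 0):
        return patch <= 10
    return False
```

Run it against a real `show system interface` dump by reading the file into `exposed_interfaces`; any name it returns needs `set endpoint-compliance disable` (or the FortiHeartbeat setting disabled) until the device is on a fixed release.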

Acknowledgement

Fortinet is pleased to thank Communications Security Establishment Canada
(CSEC) for reporting this vulnerability under responsible disclosure.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================