Submission #56660: FortiOS - heap-based buffer overflow in sslvpnd

Information

Title: FortiOS - heap-based buffer overflow in sslvpnd

Description: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Exploitation status: Fortinet is aware of an instance where this vulnerability was exploited in the wild, and recommends immediately validating your systems against the following indicators of compromise:

Multiple log entries with:
  Logdesc="Application crashed" and msg="[...] application:sslvpnd,[...], Signal 11 received, Backtrace: [...]"

Presence of the following artifacts in the filesystem:
  /data/lib/libips.bak
  /data/lib/libgif.so
  /data/lib/libiptcp.so
  /data/lib/libipudp.so
  /data/lib/libjepg.so
  /var/.sslvpnconfigbk
  /data/etc/wxd.conf
  /flash

Connections to suspicious IP addresses from the FortiGate:
  x.x.x.x:444
  x.x.x.x:30080,30081,30443,20443
  x.x.x.x:8443,444
  x.x.x.x:8033

Affected Products
  FortiOS version 7.2.0 through 7.2.2
  FortiOS version 7.0.0 through 7.0.8
  FortiOS version 6.4.0 through 6.4.10
  FortiOS version 6.2.0 through 6.2.11
  FortiOS-6K7K version 7.0.0 through 7.0.7
  FortiOS-6K7K version 6.4.0 through 6.4.9
  FortiOS-6K7K version 6.2.0 through 6.2.11
  FortiOS-6K7K version 6.0.0 through 6.0.14

Solutions
  Please upgrade to FortiOS version 7.2.3 or above
  Please upgrade to FortiOS version 7.0.9 or above
  Please upgrade to FortiOS version 6.4.11 or above
  Please upgrade to FortiOS version 6.2.12 or above
  Please upgrade to FortiOS-6K7K version 7.0.8 or above
  Please upgrade to FortiOS-6K7K version 6.4.10 or above
  Please upgrade to FortiOS-6K7K version 6.2.12 or above
  Please upgrade to FortiOS-6K7K version 6.0.15 or above

CVSSv3 Score 9.3
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C
Source: https://www.fortiguard.com/psirt/FG-IR-22-398
User: cookedfrenchman (UID 20416)
Submission: 13/12/2022 10:15 AM (3 years ago)
Moderation: 13/12/2022 11:03 AM (48 minutes later)
Status: Accepted
VulDB Entry: 215433 [Fortinet FortiOS up to 7.2.2 sslvpnd memory corruption]
Points: 20
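
The log and filesystem indicators listed in the description above can be checked over exported data with a short script. This is an added example, not code from Fortinet or VulDB; it assumes logs exported as key=value lines with quoted values and a plain list of file paths, and the sample input is constructed.

```python
import re

# Filesystem artifacts copied from the advisory text quoted above.
IOC_PATHS = {
    "/data/lib/libips.bak", "/data/lib/libgif.so", "/data/lib/libiptcp.so",
    "/data/lib/libipudp.so", "/data/lib/libjepg.so", "/var/.sslvpnconfigbk",
    "/data/etc/wxd.conf", "/flash",
}
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
CRASH_MSG = re.compile(r"application:\s*sslvpnd\b.*Signal 11 received")

def parse_kv(line):
    """Parse key=value / key="quoted value" fields; keys are lowercased."""
    return {k.lower(): quoted or bare for k, quoted, bare in KV.findall(line)}

def sslvpnd_crashes(lines):
    """Return the lines that match the advisory's sslvpnd crash indicator."""
    hits = []
    for line in lines:
        f = parse_kv(line)
        if (f.get("logdesc") == "Application crashed"
                and CRASH_MSG.search(f.get("msg", ""))):
            hits.append(line)
    return hits

def found_artifacts(paths):
    """Return listed paths that exactly match an advisory artifact."""
    return sorted({p.rstrip("/") for p in paths} & IOC_PATHS)

def triage(log_lines, fs_paths):
    crashes = sslvpnd_crashes(log_lines)
    artifacts = found_artifacts(fs_paths)
    # The advisory speaks of "multiple" crash entries, so a single crash is
    # not flagged on its own here (assumption); any listed artifact is.
    return {"crash_count": len(crashes), "artifacts": artifacts,
            "needs_review": len(crashes) > 1 or bool(artifacts)}

# Constructed sample input (not real device output).
SAMPLE_LOG = [
    'date=2022-12-10 time=03:14:07 logdesc="Application crashed" msg="Pid: 00210, application:sslvpnd, Firmware: (constructed), Signal 11 received, Backtrace: (elided)"',
    'date=2022-12-10 time=03:20:41 Logdesc="Application crashed" msg="Pid: 00233, application:sslvpnd, Firmware: (constructed), Signal 11 received, Backtrace: (elided)"',
    'date=2022-12-10 time=04:02:13 logdesc="Application crashed" msg="Pid: 00250, application:httpsd, Firmware: (constructed), Signal 11 received, Backtrace: (elided)"',
    'date=2022-12-10 time=04:05:00 logdesc="SSL VPN tunnel up" msg="application:sslvpnd tunnel established"',
]
SAMPLE_PATHS = ["/data/lib/libips.so", "/data/lib/libgif.so", "/var/.sslvpnconfigbk", "/data/etc/"]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, SAMPLE_PATHS))
```
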
