CVE-2021-26109: Fortiguard

An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.


PSIRT Advisories

FortiOS - Integer overflow in SSLVPN allocator

Summary

An integer overflow or wraparound vulnerability [CWE-190] in FortiOS SSLVPN memory allocator may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.
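The advisory names the bug class (CWE-190 in a size computation) but not the code. The following is an added, constructed illustration of that class, not FortiOS's allocator: an attacker-supplied record count and record size from a request are multiplied in 32-bit arithmetic, the product wraps, and the allocation ends up smaller than the data later written into it. The header size, field names and 32-bit width are assumptions; the hardened form beside it refuses any request whose size would wrap.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration of CWE-190 in an allocator size computation.
 * Not FortiOS code; header size, field names and widths are assumptions. */

#define HDR_BYTES 32u   /* assumed fixed header placed before the records */

/* Vulnerable pattern: count and rec_size come straight from the request and
 * are multiplied without a wraparound check. When the product wraps, the
 * allocation is far smaller than the data later copied into it, and the
 * copy runs past the chunk into the heap allocator's control data. */
uint32_t alloc_size_unchecked(uint32_t count, uint32_t rec_size)
{
    return HDR_BYTES + count * rec_size;    /* may wrap modulo 2^32 */
}

/* Hardened form: each multiplication and addition is range-checked before
 * it is performed; a request whose size would wrap is rejected. */
bool alloc_size_checked(uint32_t count, uint32_t rec_size, uint32_t *out)
{
    if (rec_size != 0 && count > UINT32_MAX / rec_size)
        return false;                       /* count * rec_size would wrap */
    uint32_t body = count * rec_size;
    if (body > UINT32_MAX - HDR_BYTES)
        return false;                       /* adding the header would wrap */
    *out = HDR_BYTES + body;
    return true;
}

int main(void)
{
    /* Constructed request values: 0x10000001 records of 16 bytes each.
     * 0x10000001 * 16 = 0x100000010, which wraps to 16 in 32 bits. */
    uint32_t count = 0x10000001u, rec_size = 16u, sz = 0;
    printf("unchecked: allocates %u bytes\n",
           alloc_size_unchecked(count, rec_size));   /* prints 48 */
    if (!alloc_size_checked(count, rec_size, &sz))
        printf("checked: request rejected, size would wrap\n");
    return 0;
}
```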

Affected Products

FortiOS version 7.0.0 and below.
FortiOS version 6.4.5 and below.
FortiOS version 6.2.9 and below.
FortiOS version 6.0.12 and below.

Solutions

Upgrade to FortiOS 7.0.1.
Upgrade to FortiOS 6.4.6.
Upgrade to FortiOS 6.2.10.
Upgrade to FortiOS 6.0.13.

For the new high-end F-Series models (FG-1800F, FG-3800F, FG-4200F, FG-4400F), please upgrade to 6.2.9.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.
