It could also potentially allow remote code execution on FortiOS due to a failure to handle JavaScript href content properly.

CVE-2018-13383 (FG-IR-18-388) – This heap buffer overflow vulnerability in the FortiOS SSL VPN web portal could cause the SSL VPN web service to terminate for logged in users.

CVE-2018-13379 (FG-IR-18-384) – This is a path traversal vulnerability in the FortiOS SSL VPN web portal that could potentially allow an unauthenticated attacker to download files through specially crafted HTTP resource requests.

Two of the vulnerabilities directly affected Fortinet’s implementation of SSL VPN.

At the recent Black Hat 2019 conference held in Las Vegas this past August 3-8, security researchers discussed their discovery of security vulnerabilities that impacted several security vendors, including Fortinet. All of the vulnerabilities impacting Fortinet were fixed in April and May of 2019.