WARNING: Critical Authentication Bypass Vulnerability in Fortinet SSL VPN
CVSS score: 9.3
A new critical flaw affects the SSL VPN feature of Fortigate firewalls.
The attack does not require any user interaction and can be executed remotely, leading to full takeover of the vulnerable devices. The impact on confidentiality, integrity and availability is high.
In case of an intrusion, you can report the incident via: https://cert.be/en/report-incident
This vulnerability can be easily exploited.
A heap-based buffer overflow vulnerability in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
The CCB strongly encourages organisations to ensure they upgrade their systems to:
- FortiOS version 7.2.3 or above
- FortiOS version 7.0.9 or above
- FortiOS version 6.4.11 or above
- FortiOS version 6.2.12 or above
- upcoming FortiOS version 6.0.16 or above
- upcoming FortiOS-6K7K version 7.0.8 or above
- FortiOS-6K7K version 6.4.10 or above
- upcoming FortiOS-6K7K version 6.2.12 or above
- FortiOS-6K7K version 6.0.15 or above
The CCB also recommends the following mitigations:
- Disable the SSL-VPN feature if it is not essential.
- Review your logs and check that no unauthorized access has taken place.
- Set up conditional access rules (such as GeoIP restrictions) to limit your exposure.
The CCB recommends that organizations scale up their monitoring and detection capabilities in order to detect any related suspicious activity and ensure a fast response in case of an intrusion.
Monitor the presence of the following logs on your firewall:
Logdesc="Application crashed" and msg="[…] application:sslvpnd,[…], Signal 11 received, Backtrace: […]"
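As an added example (not part of the CCB advisory or any Fortinet tooling), the following Python script implements the two checks above: it compares a FortiOS version string against the fixed builds listed in this advisory, and it scans FortiOS event log lines for the sslvpnd crash indicator. It assumes the usual FortiOS key="value" syslog layout; the sample log lines are constructed for the demonstration and were not captured from a real device.

```python
import re

# First fixed patch level per branch, as listed in the advisory above.
FIXED_FORTIOS = {"7.2": 3, "7.0": 9, "6.4": 11, "6.2": 12, "6.0": 16}
FIXED_FORTIOS_6K7K = {"7.0": 8, "6.4": 10, "6.2": 12, "6.0": 15}


def needs_upgrade(version: str, platform: str = "FortiOS") -> bool:
    """True when `version` (e.g. "7.0.8") is below the fixed build for its branch."""
    table = FIXED_FORTIOS_6K7K if platform == "FortiOS-6K7K" else FIXED_FORTIOS
    major, minor, patch = (int(x) for x in version.split("."))
    branch = f"{major}.{minor}"
    if branch not in table:
        raise ValueError(f"branch {branch} is not covered by the advisory")
    return patch < table[branch]


# key=value pairs; quoted values may contain spaces and commas (FortiOS syslog style).
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# The indicator from the advisory: sslvpnd terminated by signal 11 (SIGSEGV).
CRASH_RE = re.compile(r"application:\s*sslvpnd\b.*Signal 11 received", re.IGNORECASE)


def parse_fortios_log(line: str) -> dict:
    """Split a FortiOS event log line into a dict keyed by lower-cased field name."""
    return {k.lower(): v.strip('"') for k, v in KV_RE.findall(line)}


def is_sslvpnd_crash(line: str) -> bool:
    """Return True when the line matches the crash indicator from the advisory."""
    fields = parse_fortios_log(line)
    if fields.get("logdesc") != "Application crashed":
        return False
    return CRASH_RE.search(fields.get("msg", "")) is not None


def find_crashes(lines) -> list:
    """Return (line number, parsed fields) for each line matching the indicator."""
    return [(i, parse_fortios_log(l)) for i, l in enumerate(lines, 1) if is_sslvpnd_crash(l)]


# Constructed sample lines for the demonstration (not real device output).
SAMPLE_LOGS = [
    'date=2022-12-13 time=10:21:05 logid="0100022001" type="event" subtype="system" '
    'level="critical" logdesc="Application crashed" msg="Pid: 2045, application: sslvpnd, '
    'Firmware: FortiGate-100F v7.0.8,build0418, Signal 11 received, Backtrace: [0x00b1c2d3]"',
    'date=2022-12-13 time=10:22:10 logid="0100032001" type="event" subtype="system" '
    'level="information" logdesc="Admin login successful" msg="Administrator admin logged in"',
    'date=2022-12-13 time=10:23:44 logid="0100022001" type="event" subtype="system" '
    'level="critical" logdesc="Application crashed" msg="Pid: 3302, application: httpsd, '
    'Signal 6 received, Backtrace: [0x00ffe001]"',
]
```

Run `find_crashes()` over the exported event log; a hit is a trigger to check the firmware with `needs_upgrade()` and to start an intrusion review, since a crash alone does not prove exploitation succeeded.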