Main Vulnerability Database SB2021020333

SB2021020333 - Buffer overflow in FortiProxy SSL VPN

Published: February 3, 2021

Security Bulletin ID SB2021020333

CSH Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Buffer overflow (CVE-ID: CVE-2018-13381)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTTP POST requests in SSL VPN web portal. A remote attacker can trick a victim to visit a specially crafted website and execute arbitrary code on the device.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

https://fortiguard.com/psirt/FG-IR-20-232