==================================================================== CERT-Renater Note d'Information No. 2021/VULN072 _____________________________________________________________________ DATE : 04/02/2021 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running FortiProxy versions prior to 1.2.9, 2.0.1. ===================================================================== https://www.fortiguard.com/psirt/FG-IR-20-232 https://www.fortiguard.com/psirt/FG-IR-20-229 _____________________________________________________________________ IR Number FG-IR-20-232 Date Feb 01, 2021 Risk CVSSv3 Score 5.2 Impact denial of service CVE ID CVE-2018-13381 CVRF Download Buffer overflow vulnerability in FortiProxy SSL VPN through a crafted POST request Summary A buffer overflow vulnerability in the SSL VPN portal of FortiProxy may allow an unauthenticated, remote attacker to perform a Denial of Service attack by sending a specifically crafted POST request with a large msg value. Impact denial of service Affected Products FortiProxy versions 2.0.0 FortiProxy versions 1.2.8 and below. FortiProxy versions 1.1.6 and below. FortiProxy versions 1.0.7 and below. Solutions Please upgrade to FortiProxy versions 1.2.9 and above. Please upgrade to FortiProxy versions 2.0.1 and above. Acknowledgement Fortinet is pleased to thank Meh Chang and Orange Tsai from DEVCORE Security Research Team for reporting this vulnerability under responsible disclosure. _____________________________________________________________________ IR Number FG-IR-20-229 Date Feb 01, 2021 Risk CVSSv3 Score 4.2 Impact denial of service, Remote Code Execution CVE ID CVE-2018-13383 CVRF Download FortiProxy SSL VPN buffer overflow when parsing javascript href content Summary A heap buffer overflow vulnerability in the FortiProxy SSL VPN web portal may cause the SSL VPN web service termination for logged in users or potential remote code execution on FortiProxy. This happens when an authenticated user visits a specifically crafted proxied webpage and is due to a failure to handle Javascript HREF content properly. Impact denial of service, Remote Code Execution Affected Products FortiProxy version 2.0.0 FortiProxy versions 1.2.8 and below. FortiProxy versions 1.1.6 and below. FortiProxy versions 1.0.7 and below. Solutions Please upgrade to FortiProxy versions 2.0.1 or above. Please upgrade to FortiProxy versions 1.2.9 or above. Acknowledgement Fortinet is pleased to thank Meh Chang and Orange Tsai from DEVCORE Security Research Team for reporting this vulnerability under responsible disclosure. ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================