SB2019052915 - Multiple vulnerabilities in Fortinet, FortiOS

Published: May 29, 2019. Updated: February 3, 2021.

Security Bulletin ID: SB2019052915
Severity: High
Patch available: YES
Number of vulnerabilities: 3
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 33% Medium 33% Low 33%

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2019-5587)

The vulnerability allows a remote authenticated user to manipulate data.

Lack of root file system integrity checking in Fortinet FortiOS VM application images, all versions below 6.0.5, may allow an attacker to implant malicious programs into the installation image by reassembling the image through specific methods.


2) Open redirect (CVE-ID: CVE-2018-13384)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

A Host Header Redirection vulnerability in Fortinet FortiOS, all versions below 6.0.5, in the SSL VPN web portal allows a remote attacker to potentially poison the HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.
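As an added illustration of the bug class in item 2 (example code written for this bulletin, not Fortinet's code and not derived from the FortiOS implementation): a redirect helper that builds its Location from the client-supplied Host header, beside a hardened version pinned to a configured hostname. The portal hostname, paths and helper names are hypothetical.

```python
from urllib.parse import urlsplit, urlunsplit

# Hypothetical canonical hostname of the portal (constructed example value).
CANONICAL_HOST = "vpn.example.com"


def build_redirect_vulnerable(headers: dict, path: str) -> str:
    """Builds the Location header from the client-supplied Host header.

    Whatever value arrives in Host is echoed into the redirect. If a shared
    cache stores such a response, later users receive a redirect to a host
    the portal never intended."""
    host = headers.get("Host", CANONICAL_HOST)
    return f"https://{host}{path}"


def build_redirect_hardened(headers: dict, path: str) -> str:
    """Pins the redirect target to the configured hostname and never
    derives it from the request.

    Also rejects paths that could smuggle in a scheme-relative ("//host")
    or backslash-based target, and refuses requests whose Host header does
    not name this portal at all (defence in depth against cache poisoning)."""
    if not path.startswith("/") or path.startswith("//") or "\\" in path:
        raise ValueError("refusing to redirect to a non-local path")
    host = headers.get("Host", "")
    if host.split(":")[0].lower() != CANONICAL_HOST:
        raise ValueError(f"unexpected Host header: {host!r}")
    return urlunsplit(("https", CANONICAL_HOST, path, "", ""))


def is_offsite(location: str) -> bool:
    """Detection helper for response logs: True when a Location header
    points anywhere other than the canonical portal host."""
    return urlsplit(location).hostname != CANONICAL_HOST
```

Running `is_offsite` over recorded Location headers from the portal is a cheap way to spot redirects that left the expected host.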


3) Buffer overflow (CVE-ID: CVE-2018-13383)

The vulnerability allows a remote non-authenticated attacker to compromise the affected system.

The vulnerability exists due to a boundary error when parsing web pages in the SSL VPN web portal. A remote attacker can create a specially crafted web page with malicious JavaScript href data, trick an authenticated user into visiting it, trigger a buffer overflow and execute arbitrary code on the system.


Remediation

Install the update from the vendor's website.