Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.fortinet.com/psirt/FG-IR-20-083 |
History
Fri, 20 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 19 Dec 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter. | |
First Time appeared |
Fortinet
Fortinet fortios |
|
Weaknesses | CWE-121 | |
CPEs | cpe:2.3:o:fortinet:fortios:5.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:5.6.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:5.6.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:5.6.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:5.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:5.6.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:5.6.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:5.6.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:5.6.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:5.6.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:5.6.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:5.6.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:5.6.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:* |
|
Vendors & Products |
Fortinet
Fortinet fortios |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2024-12-19T10:57:31.517Z
Updated: 2024-12-20T17:25:13.362Z
Reserved: 2020-05-12T00:00:00.000Z
Link: CVE-2020-12820
Vulnrichment
Updated: 2024-12-20T17:24:58.263Z
NVD
Status : Received
Published: 2024-12-19T11:15:05.700
Modified: 2024-12-19T11:15:05.700
Link: CVE-2020-12820
Redhat
No data.