all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

FortiOS & FortiProxy - Out-of-bounds Write in captive portal

Add to bookmarks
March 12, 2024, 7 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An out-of-bounds write vulnerability [CWE-787] and a Stack-based Buffer Overflow [CWE-121] in FortiOS & FortiProxy captive portal may allow an inside attacker who has access to captive portal to execute arbitrary code or commands via specially crafted HTTP requests.
Workaround:
Set a non form-based authentication scheme:
config authentication scheme
edit scheme
set method method
next
end
Where can be any of those :
ntlm NTLM authentication.
basic Basic HTTP authentication.
digest Digest HTTP authentication.
negotiate Negotiate authentication.
fsso Fortinet Single …

access amp arbitrary code attacker authentication buffer buffer overflow captive portal code config cwe edit fortios fortiproxy http http requests may non out-of-bounds out-of-bounds write overflow portal requests stack vulnerability workaround

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiAuthenticator - Open Redirect on /portal/disclaimer 4 days, 14 hours ago | fortiguard.fortinet.com
attacker cwe disclaimer may +8
Exposure of password hashes to read-only admin 4 days, 14 hours ago | fortiguard.fortinet.com
admin control cwe data +11
Double free with double usage of json_object_put 4 days, 14 hours ago | fortiguard.fortinet.com
attacker code commands cwe +9
Format String Bug in cli command 4 days, 14 hours ago | fortiguard.fortinet.com
amp arbitrary code arbitrary code execution attacker +19
Client IP relies on X-Forwarded-For and other headers 4 days, 14 hours ago | fortiguard.fortinet.com
attack bypass client cwe +10
Buffer overflow in administrative interface 4 days, 14 hours ago | fortiguard.fortinet.com
arbitrary code attacker buffer buffer overflow +13
Code injection in playbook code snippet step 4 days, 14 hours ago | fortiguard.fortinet.com
arbitrary code attacker code code injection +7
Client-side enforcement of server-side security related to customer reports features 4 days, 14 hours ago | fortiguard.fortinet.com
access account attacker client +16
HTTP/2 CONTINUATION Frames Vulnerability 4 days, 14 hours ago | fortiguard.fortinet.com
attack can connection crash +14

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Security Operations Manager-West Coast

@ The Walt Disney Company | USA - CA - 2500 Broadway Street
View on infosec-jobs.com

Vulnerability Analyst - Remote (WFH)

@ Cognitive Medical Systems | Phoenix, AZ, US | Oak Ridge, TN, US | Austin, TX, US | Oregon, US | Austin, TX, US
View on infosec-jobs.com

Senior Mainframe Security Administrator

@ Danske Bank | Copenhagen V, Denmark
View on infosec-jobs.com