FortiOS - heap-based buffer overflow in sslvpnd / plans for provide patches

FortiOS 6.0 is out of support since September 2022, so there will be no bug fixes and patches released for that version.

Ahmad

Hi,

Unfortunately, FortiGate firewall 200D only supports FortiOS 6.0 which has reached EOL, so the only workaround is to disable the SSLVPN.

Regards,

Priyanka

FortiOS 6.0.15 was released on 22 of September 2022 - does it, by any chance include the fix of this CVE ?

I have a pair of 1500D which cannot be upgraded in the immediate future, but which did upgrade to 6.0.15

Thanks

Thanks all.
I will change from SSLVPN to IP-sec.

FYI, Advisory updated.

https://fortiguard.fortinet.com/psirt/FG-IR-22-398

Please upgrade to upcoming FortiOS version 6.0.16 or above

https://www.fortiguard.com/psirt/FG-IR-22-398 states that v6.0.16 is under way.

An update:
6.0.16 with the vulnerability fix should be released by the end of this week

update:-

6.0.16 has been released. Please check the below release note:-

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/ec15f6fb-7c07-11ed-8e6d-fa163e15d75b/fortios-v6.0.16-release-notes.pdf

Kindly follow the below upgrade path tool to go with the step-by-step upgrade

https://docs.fortinet.com/upgrade-tool

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Manual-firmware-upgrade-by-referring-upgrade-path/ta-p/193305#:~:text=1)%20Log%20into%20the%20FortiGate,previously%20downloaded%20firmware%20image%20file.

Regards

Priyanka

It's a malicious site.