Question about CVE-2022-29055

Forum|Forum|3 years ago
October 11, 2022
2 replies
3413 views

I have some Fortigates configured as SSL VPN Gateway and found CVE-2022-29055 recently.

The current running software releases are hit by this CVE.

The document mentioned , the SSL VPN Portal may allow attacker to crash the sslvpn daemon via an HTTP GET request.

As we using the Forticlient to setup the VPN with tunnel mode. Is it possible to disable the SSL VPN web mode as workaround to this CVE ?

FortiGate

scan888

New Member

Hi @vvserpent

Yes, you can disable it on the SSL-VPN Settings:

If you have no "Enable SSL-VPN" Flag, remove all Interfaces on this configuration page.

vvserpentAuthor

Explorer

Hi Scan888,

Thanks for the information, Is it equal to disable the SSL VPN feature ?

Debbie_FTNT

Staff & Editor

Hey vvserpent,

the CVE also links to the FortiGuard PSIRT Advisory here: https://www.fortiguard.com/psirt/FG-IR-22-086

There should be unaffected versions already available.

I did check our internal bug database for known workarounds, but none were listed, so it's unclear if disabling web mode would prevent this from being exploitable, my apologies.

The related bug ID is 800259; you should be able to find it listed in the release notes with a fix for the vulnerability.

scan888

New Member

Hey all

The "sslvpnd" process is only started if you have enabled the feature and have a firewall policy configured.
If you have no firewall policy or the feature is disabled the deamon is not start.

In my opinion is not possible to crash an deamon who is not started.

In your case you can check that with the following command:

diagnose sys process pidof sslvpnd

If you get an "Process-ID" back, the deamon is running. If not, the deamon is stopped.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded