Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
vvserpent
New Contributor II

Question about CVE-2022-29055

I have some Fortigates configured as SSL VPN Gateway and found CVE-2022-29055 recently. 

 

The current running software releases are hit by this CVE. 

 

The document mentioned that the SSL VPN Portal may allow an attacker to crash the sslvpn daemon via an HTTP GET request.

As we are using FortiClient to set up the VPN in tunnel mode, is it possible to disable the SSL VPN web mode as a workaround for this CVE?

4 REPLIES
scan888
Contributor

Hi @vvserpent 

 

Yes, you can disable it on the SSL-VPN Settings:

[screenshot 2022-10-11_10h47_24.png: SSL-VPN Settings page]

 

If you have no "Enable SSL-VPN" flag, remove all interfaces on this configuration page.

- Have you found a solution? Then give your helper a "Like" and mark the solution.
vvserpent
New Contributor II

Hi Scan888,

 

Thanks for the information. Is it equal to disabling the SSL VPN feature?

Debbie_FTNT
Staff

Hey vvserpent,

the CVE also links to the FortiGuard PSIRT Advisory here: https://www.fortiguard.com/psirt/FG-IR-22-086

There should be unaffected versions already available.

I did check our internal bug database for known workarounds, but none were listed, so it's unclear if disabling web mode would prevent this from being exploitable, my apologies.

The related bug ID is 800259; you should be able to find it listed in the release notes with a fix for the vulnerability.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
scan888

Hey all

 

The "sslvpnd" process is only started if you have enabled the feature and have a firewall policy configured.
If you have no firewall policy or the feature is disabled, the daemon is not started.

In my opinion it is not possible to crash a daemon that is not started.

In your case you can check that with the following command:

diagnose sys process pidof sslvpnd

If you get a "Process-ID" back, the daemon is running. If not, the daemon is stopped.

[screenshot 2022-10-11_11h05_59.png: output of diagnose sys process pidof sslvpnd]

- Have you found a solution? Then give your helper a "Like" and mark the solution.
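As an added illustration, not part of any post in this thread, this is what the two steps discussed above look like on the FortiOS CLI: restricting the portal that FortiClient uses to tunnel mode so that no web portal is served, then confirming whether sslvpnd is running at all. The portal name "full-access" and the tunnel interface name "ssl.root" are assumptions (the defaults in the root VDOM); substitute your own.

```text
# Keep tunnel mode for FortiClient users, disable the web portal on that portal
# (portal name "full-access" is an assumption)
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set web-mode disable
    next
end

# Check whether the SSL VPN daemon is running (command from scan888's post):
# a PID on the output line means sslvpnd is up, no output means it is not started
diagnose sys process pidof sslvpnd

# sslvpnd only starts when SSL-VPN is enabled and a firewall policy references
# the SSL VPN tunnel interface ("ssl.root" is an assumption); list such policies
show firewall policy | grep ssl.root
```

As Debbie_FTNT notes, the thread does not establish that disabling web mode alone prevents the crash, so treat this as a reduction of exposed surface and upgrade to a fixed release per FG-IR-22-086 (bug ID 800259).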