I have some FortiGates configured as SSL VPN gateways and recently found CVE-2022-29055.
The currently running software releases are affected by this CVE.
The document mentions that the SSL VPN portal may allow an attacker to crash the sslvpn daemon via an HTTP GET request.
As we are using FortiClient to set up the VPN in tunnel mode, is it possible to disable SSL VPN web mode as a workaround for this CVE?
Hi @vvserpent
Yes, you can disable it in the SSL-VPN Settings:
If you have no "Enable SSL-VPN" flag, remove all interfaces on this configuration page.
Hi Scan888,
Thanks for the information. Is that equivalent to disabling the SSL VPN feature?
Hey vvserpent,
The CVE also links to the FortiGuard PSIRT advisory here: https://www.fortiguard.com/psirt/FG-IR-22-086
There should be unaffected versions available already.
I did check our internal bug database for known workarounds, but none were listed, so it's unclear whether disabling web mode would prevent this from being exploitable; my apologies.
The related bug ID is 800259; you should be able to find it listed in the release notes together with the fix for the vulnerability.
Hey all
The "sslvpnd" process is only started if you have enabled the feature and have a firewall policy configured.
If you have no firewall policy, or the feature is disabled, the daemon is not started.
In my opinion it is not possible to crash a daemon that is not running.
In your case you can check that with the following command:
diagnose sys process pidof sslvpnd
If you get a process ID back, the daemon is running. If not, the daemon is stopped.
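The reasoning in the answer above (sslvpnd is started only when SSL-VPN is bound to an interface and at least one firewall policy uses the tunnel interface) can be applied offline to configuration backups, which is handy when you have more than one FortiGate to triage. The script below is an added example written for this page, not code from the forum thread or from Fortinet. It parses the plain-text `config ... end` syntax of a FortiOS backup, looks for `set source-interface` (and an optional `set status disable`) under `config vpn ssl settings`, and for `set srcintf "ssl.root"` in `config firewall policy`. The sample configuration is constructed for the example, the tunnel interface name `ssl.root` is the FortiOS default but is passed in as a parameter, and the parser assumes a single-VDOM backup. It only reproduces the check from the post; whether a stopped daemon fully addresses FG-IR-22-086 is exactly the open question in the thread, so upgrading to a fixed release remains the proper remediation.

```python
"""Decide from a FortiOS config backup whether sslvpnd would be started.

Added example for the forum thread above (not Fortinet code). Per the
answer it illustrates, sslvpnd runs only when SSL-VPN is bound to at least
one interface AND some firewall policy uses the SSL-VPN tunnel interface.
Assumes a single-VDOM configuration export.
"""
import re

# Constructed sample backup (not from a real device): SSL-VPN on wan1 plus a
# policy from ssl.root to the LAN, i.e. sslvpnd would be running.
SAMPLE_CONFIG_EXPOSED = """\
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    set source-interface "wan1"
    set source-address "all"
    set default-portal "full-access"
    set port 10443
end
config firewall policy
    edit 1
        set name "sslvpn-to-lan"
        set srcintf "ssl.root"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 2
        set name "lan-to-wan"
        set srcintf "port2"
        set dstintf "wan1"
        set action accept
    next
end
"""

# Same backup after the workaround from the thread: all interfaces removed
# from the SSL-VPN settings page (constructed by deleting that one line).
SAMPLE_CONFIG_HARDENED = SAMPLE_CONFIG_EXPOSED.replace(
    '    set source-interface "wan1"\n', "")

_QUOTED = re.compile(r'"([^"]*)"')


def set_values(line):
    """Return the values of a 'set <key> "a" "b"' line (quoted or bare)."""
    parts = line.split(None, 2)
    if len(parts) < 3:
        return []
    quoted = _QUOTED.findall(parts[2])
    return quoted or parts[2].split()


def parse_sections(config_text):
    """Map each top-level 'config X ... end' block to its stripped lines."""
    sections, current, depth = {}, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            if depth == 0:
                current = line[len("config "):]
                sections.setdefault(current, [])
            depth += 1
        elif line == "end":
            depth -= 1
            if depth == 0:
                current = None
        elif current is not None:
            sections[current].append(line)
    return sections


def ssl_vpn_interfaces(sections):
    """Interfaces SSL-VPN listens on; empty if none or 'set status disable'."""
    ifaces, disabled = [], False
    for line in sections.get("vpn ssl settings", []):
        if line.startswith("set source-interface "):
            ifaces.extend(set_values(line))
        elif line.startswith("set status "):  # assumed FortiOS enable flag
            disabled = set_values(line) == ["disable"]
    return [] if disabled else ifaces


def ssl_vpn_policies(sections, tunnel_iface="ssl.root"):
    """IDs of firewall policies whose srcintf includes the tunnel interface."""
    hits, policy_id = [], None
    for line in sections.get("firewall policy", []):
        if line.startswith("edit "):
            policy_id = line.split(None, 1)[1]
        elif line == "next":
            policy_id = None
        elif line.startswith("set srcintf ") and tunnel_iface in set_values(line):
            hits.append(policy_id)
    return hits


def sslvpnd_expected(config_text, tunnel_iface="ssl.root"):
    """Apply the thread's rule: daemon runs iff interface bound AND policy exists."""
    sections = parse_sections(config_text)
    ifaces = ssl_vpn_interfaces(sections)
    policies = ssl_vpn_policies(sections, tunnel_iface)
    return {"interfaces": ifaces, "policies": policies,
            "daemon_expected": bool(ifaces) and bool(policies)}


if __name__ == "__main__":
    for name, cfg in (("exposed", SAMPLE_CONFIG_EXPOSED),
                      ("hardened", SAMPLE_CONFIG_HARDENED)):
        print(name, sslvpnd_expected(cfg))
```

Run it against a real backup with `sslvpnd_expected(open("fw.conf").read())`; a `daemon_expected` of `True` means the box deserves a `diagnose sys process pidof sslvpnd` on the CLI to confirm, and a result of `False` only tells you the daemon should not be running, not that the code is patched.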