Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Question about CVE-2022-29055

I have some Fortigates configured as SSL VPN Gateway and found CVE-2022-29055 recently. 


The current running software releases are hit by this CVE. 


The document mentioned ,  the SSL VPN Portal may allow attacker to crash the sslvpn daemon via an HTTP GET request.


As we using the Forticlient to setup the VPN with tunnel mode. Is it possible to disable the SSL VPN web mode as workaround to this CVE ? 



Hi @vvserpent 


Yes, you can disable it on the SSL-VPN Settings:



If you have no "Enable SSL-VPN" Flag, remove all Interfaces on this configuration page.

- Have you found a solution? Then give your helper a "Like" and mark the solution.

Hi Scan888,


Thanks for the information,  Is it equal to disable the SSL VPN feature ? 




Hey vvserpent,

the CVE also links to the FortiGuard PSIRT Advisory here:

There should be unaffected versions already available.

I did check our internal bug database for known workarounds, but none were listed, so it's unclear if disabling web mode would prevent this from being exploitable, my apologies.

The related bug ID is 800259; you should be able to find it listed in the release notes with a fix for the vulnerability.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++

Hey all


The "sslvpnd" process is only started if you have enabled the feature and have a firewall policy configured. 
If you have no firewall policy or the feature is disabled the deamon is not start.

In my opinion is not possible to crash an deamon who is not started.

In your case you can check that with the following command:

diagnose sys process pidof sslvpnd

If you get an "Process-ID" back, the deamon is running. If not, the deamon is stopped.


- Have you found a solution? Then give your helper a "Like" and mark the solution.
New Contributor

Thanks for answering :)

Stay happy always :)