Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-17656

A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.

Published

2021-04-12T15:15:13.827

Last Modified

2024-11-21T04:32:42.930

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortiproxy	< 1.2.10	Yes
Application	fortinet	fortiproxy	< 2.0.2	Yes
Operating System	fortinet	fortios	≤ 6.0.10	Yes
Operating System	fortinet	fortios	≤ 6.2.2	Yes

References

https://fortiguard.com/advisory/FG-IR-19-248 Vendor Advisory ([email protected])
https://fortiguard.com/advisory/FG-IR-21-007 Vendor Advisory ([email protected])
https://fortiguard.com/advisory/FG-IR-19-248 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://fortiguard.com/advisory/FG-IR-21-007 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)