VYPR
Unrated severityNVD Advisory· Published Dec 19, 2024· Updated Dec 20, 2024

CVE-2020-12819

CVE-2020-12819

Description

A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode is enabled. Arbitrary code execution may be theoretically possible, albeit practically very difficult to achieve in this context

Affected products

1
  • cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
    Range: 6.4.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.