FortiNet have released the following about a CRITICAL Severity issue for FortiOS and FortiProxy captive portal.<\/p>\n\n\n\n
This issue has a CVSSv3 Score of 9.3.<\/p>\n\n\n\n
An out-of-bounds write vulnerability [CWE-787] and a Stack-based Buffer Overflow [CWE-121] in FortiOS & FortiProxy captive portal may allow an inside attacker who has access to captive portal to execute arbitrary code or commands via specially crafted HTTP requests.<\/p>\n\n\n\n
Set a non form-based authentication scheme:<\/p>\n\n\n\n
Where <method> can be any of those: None of the enabled authentication schemes should be form-based.<\/p>\n\n\n\n Please note that only devices with captive portal enabled are affected.<\/p>\n\n\n\n FortiOS version 7.4.0 through 7.4.1 Please upgrade to FortiOS version 7.4.2 or above Virtual Patch named \\”FortiOS.Captive.Portal.Out.Of.Bounds.Write.\\” is available in FMWP db update 23.105<\/p>\n\n\n\n Internally discovered and reported by Gwendal Gu\u00e9gniaud of Fortinet Product Security Team.<\/p>\n\n\n\n Information above provided by FortiNet FortiGuard PSIRT<\/p>\n","protected":false},"excerpt":{"rendered":" FortiNet have released the following about a CRITICAL Severity issue for FortiOS and FortiProxy captive portal. This issue has a CVSSv3 Score of 9.3. Summary An out-of-bounds write vulnerability [CWE-787] and a Stack-based Buffer Overflow [CWE-121] in FortiOS & FortiProxy captive portal may allow an inside attacker who has access to captive portal to execute […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[9],"tags":[8],"class_list":["post-149","post","type-post","status-publish","format-standard","hentry","category-fortinet-alerts","tag-fortinet-firewall"],"_links":{"self":[{"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/posts\/149","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/comments?post=149"}],"version-history":[{"count":0,"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/posts\/149\/revisions"}],"wp:attachment":[{"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/media?parent=149"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/categories?post=149"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securesphere.co.nz\/index.php\/wp-json\/wp\/v2\/tags?post=149"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}config authentication scheme
edit scheme
set method method
next
end<\/code><\/p>\n\n\n\n
ntlm NTLM authentication
basic Basic HTTP authentication
digest Digest HTTP authentication
negotiate Negotiate authentication
fsso Fortinet Single Sign-On (FSSO) authentication
rsso RADIUS Single Sign-On (RSSO) authentication
ssh-publickey Public key based SSH authentication
cert Client certificate authentication
saml SAML authentication<\/p>\n\n\n\nAffected Products<\/h3>\n\n\n\n
FortiOS version 7.2.0 through 7.2.5
FortiOS version 7.0.0 through 7.0.12
FortiOS version 6.4.0 through 6.4.14
FortiOS version 6.2.0 through 6.2.15
FortiProxy version 7.4.0
FortiProxy version 7.2.0 through 7.2.6
FortiProxy version 7.0.0 through 7.0.12
FortiProxy version 2.0.0 through 2.0.13<\/p>\n\n\n\nSolutions<\/h3>\n\n\n\n
Please upgrade to FortiOS version 7.2.6 or above
Please upgrade to FortiOS version 7.0.13 or above
Please upgrade to FortiOS version 6.4.15 or above
Please upgrade to FortiOS version 6.2.16 or above
Please upgrade to FortiProxy version 7.4.1 or above
Please upgrade to FortiProxy version 7.2.7 or above
Please upgrade to FortiProxy version 7.0.13 or above
Please upgrade to FortiProxy version 2.0.14 or above
Fortinet in Q3\/23 has remediated this issue in FortiSASE version 23.3.b and hence the customers need not perform any action.<\/p>\n\n\n\nAcknowledgement<\/h3>\n\n\n\n