Fortigate SSL VPNí§ÒâÎļþ¶ÁÈ¡Îó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-08-26

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2018-13379£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º7.5


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


FortiOS 5.6.3 - 5.6.7

FortiOS 6.0.0 - 6.0.4


Îó²î¸ÅÊö


Fortinet FortiOSÊÇÃÀ¹ú·ÉËþ£¨Fortinet£©¹«Ë¾µÄÒ»Ì×רÓÃÓÚFortiGateÍøÂçÇ徲ƽ̨ÉϵÄÇå¾²²Ù×÷ϵͳ¡£¡£ ¡£¡£¸ÃϵͳΪÓû§Ìṩ·À»ðǽ¡¢·À²¡¶¾¡¢IPSec/SSLVPN¡¢WebÄÚÈݹýÂ˺ͷ´À¬»øÓʼþµÈ¶àÖÖÇå¾²¹¦Ð§¡£¡£ ¡£¡£


Fortigate SSL VPNÔÚÈ«ÇòVPNÊг¡Î»ÁÐÇ°5£¬£¬£¬£¬£¬ÎÞÊý´óÖÐÐ͹«Ë¾¶¼ÔÚʹÓᣡ£ ¡£¡£´Ë´ÎÆسöµÄí§ÒâÎļþ¶ÁÈ¡Îó²îʹÓ÷½·¨¼òÆÓ£¬£¬£¬£¬£¬Ó°Ïì¹æÄ£½Ï¹ã£¬£¬£¬£¬£¬¿ÉÄÜ»áÔÚÒÔºóºÜ³¤Ò»¶Îʱ¼äÄÚÒ»Á¬ÍþвFortigate SSL VPNµÄÓû§¡£¡£ ¡£¡£


¸ÃÎó²îÔ´ÓÚʹÓÃÁ˲»Çå¾²µÄº¯Êý£¬£¬£¬£¬£¬µ¼ÖÂδÄÜ׼ȷ¹ýÂËURLÖеĶñÒâ´úÂ룬£¬£¬£¬£¬×îÖÕÔì³Éí§ÒâÎļþ¶ÁÈ¡¡£¡£ ¡£¡£ÏêϸÈçÏ£º


Fortigate SSL VPNµÄij¸öÒ³ÃæÔÚ»ñÈ¡¶ÔÓ¦¹ú¼ÒµÄÓïÑÔÎļþʱ£¬£¬£¬£¬£¬»áʹÓÃURLÖеÄlang²ÎÊýÈ¥¹¹½¨Òª¶ÁÈ¡µÄÎļþÃû£¬£¬£¬£¬£¬Ê¾ÀýÈçÏ£º


snprintf(s, 0x40, "/migadmin/lang/%s.json", lang);


ÒÔÉϺ¯ÊýûÓÐÈκÎÇå¾²±£»£»£»¤£¬£¬£¬£¬£¬ËäȻòËÆÖ»ÄÜÖ¸¶¨jsonÎļþ£¬£¬£¬£¬£¬µ«ÏÖʵÉÏÎÒÃÇ¿ÉÒÔʹÓÃsnprintfµÄÌØÕ÷ʵÏÖí§ÒâÎļþ¶ÁÈ¡¡£¡£ ¡£¡£Æ¾Ö¤º¯ÊýµÄ²ÎÊý£¬£¬£¬£¬£¬Æä×î¶à½«Õ»¿Õ¼ä-1µÄ×Ö·û´®Ð´ÈëÊä³öÖС£¡£ ¡£¡£Òò´Ë£¬£¬£¬£¬£¬ÎÒÃÇÖ»ÐèҪʹÊäÈëÁè¼Ý»º³åÇø´óС£¡£ ¡£¡£¬£¬£¬£¬£¬.json¾Í»áÒòº¯ÊýÏÞÖƶø±»É¾³ý£¬£¬£¬£¬£¬ÎÒÃǾͿÉÒÔ¶ÁÈ¡í§ÒâÎļþ¡£¡£ ¡£¡£


Îó²îÑéÖ¤


EXP: https://cxsecurity.com/issue/WLB-2019080089¡£¡£ ¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼Éý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î£¬£¬£¬£¬£¬²¹¶¡»ñÈ¡Á´½Ó£º

https://fortiguard.com/psirt/FG-IR-18-384¡£¡£ ¡£¡£


²Î¿¼Á´½Ó


http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201905-1026