Fortigate SSL VPNí§ÒâÎļþ¶ÁÈ¡Îó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-08-26

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2018-13379£¬£¬£¬ £¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬ £¬£¬£¬£¬£¬CVSS·ÖÖµ£º7.5


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


FortiOS 5.6.3 - 5.6.7

FortiOS 6.0.0 - 6.0.4


Îó²î¸ÅÊö


Fortinet FortiOSÊÇÃÀ¹ú·ÉËþ£¨Fortinet£©¹«Ë¾µÄÒ»Ì×רÓÃÓÚFortiGateÍøÂçÇ徲ƽ̨ÉϵÄÇå¾²²Ù×÷ϵͳ ¡£¡£¡£¡£¡£¡£¡£¸ÃϵͳΪÓû§Ìṩ·À»ðǽ¡¢·À²¡¶¾¡¢IPSec/SSLVPN¡¢WebÄÚÈݹýÂ˺ͷ´À¬»øÓʼþµÈ¶àÖÖÇå¾²¹¦Ð§ ¡£¡£¡£¡£¡£¡£¡£


Fortigate SSL VPNÔÚÈ«ÇòVPNÊг¡Î»ÁÐÇ°5£¬£¬£¬ £¬£¬£¬£¬£¬ÎÞÊý´óÖÐÐ͹«Ë¾¶¼ÔÚʹÓà ¡£¡£¡£¡£¡£¡£¡£´Ë´ÎÆسöµÄí§ÒâÎļþ¶ÁÈ¡Îó²îʹÓ÷½·¨¼òÆÓ£¬£¬£¬ £¬£¬£¬£¬£¬Ó°Ïì¹æÄ£½Ï¹ã£¬£¬£¬ £¬£¬£¬£¬£¬¿ÉÄÜ»áÔÚÒÔºóºÜ³¤Ò»¶Îʱ¼äÄÚÒ»Á¬ÍþвFortigate SSL VPNµÄÓû§ ¡£¡£¡£¡£¡£¡£¡£


¸ÃÎó²îÔ´ÓÚʹÓÃÁ˲»Çå¾²µÄº¯Êý£¬£¬£¬ £¬£¬£¬£¬£¬µ¼ÖÂδÄÜ׼ȷ¹ýÂËURLÖеĶñÒâ´úÂ룬£¬£¬ £¬£¬£¬£¬£¬×îÖÕÔì³Éí§ÒâÎļþ¶ÁÈ¡ ¡£¡£¡£¡£¡£¡£¡£ÏêϸÈçÏ£º


Fortigate SSL VPNµÄij¸öÒ³ÃæÔÚ»ñÈ¡¶ÔÓ¦¹ú¼ÒµÄÓïÑÔÎļþʱ£¬£¬£¬ £¬£¬£¬£¬£¬»áʹÓÃURLÖеÄlang²ÎÊýÈ¥¹¹½¨Òª¶ÁÈ¡µÄÎļþÃû£¬£¬£¬ £¬£¬£¬£¬£¬Ê¾ÀýÈçÏ£º


snprintf(s, 0x40, "/migadmin/lang/%s.json", lang);


ÒÔÉϺ¯ÊýûÓÐÈκÎÇå¾²±£»£»£»£» £»£»£»¤£¬£¬£¬ £¬£¬£¬£¬£¬ËäȻòËÆÖ»ÄÜÖ¸¶¨jsonÎļþ£¬£¬£¬ £¬£¬£¬£¬£¬µ«ÏÖʵÉÏÎÒÃÇ¿ÉÒÔʹÓÃsnprintfµÄÌØÕ÷ʵÏÖí§ÒâÎļþ¶ÁÈ¡ ¡£¡£¡£¡£¡£¡£¡£Æ¾Ö¤º¯ÊýµÄ²ÎÊý£¬£¬£¬ £¬£¬£¬£¬£¬Æä×î¶à½«Õ»¿Õ¼ä-1µÄ×Ö·û´®Ð´ÈëÊä³öÖÐ ¡£¡£¡£¡£¡£¡£¡£Òò´Ë£¬£¬£¬ £¬£¬£¬£¬£¬ÎÒÃÇÖ»ÐèҪʹÊäÈëÁè¼Ý»º³åÇø¾Þϸ£¬£¬£¬ £¬£¬£¬£¬£¬.json¾Í»áÒòº¯ÊýÏÞÖƶø±»É¾³ý£¬£¬£¬ £¬£¬£¬£¬£¬ÎÒÃǾͿÉÒÔ¶ÁÈ¡í§ÒâÎļþ ¡£¡£¡£¡£¡£¡£¡£


Îó²îÑéÖ¤


EXP: https://cxsecurity.com/issue/WLB-2019080089 ¡£¡£¡£¡£¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼Éý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î£¬£¬£¬ £¬£¬£¬£¬£¬²¹¶¡»ñÈ¡Á´½Ó£º

https://fortiguard.com/psirt/FG-IR-18-384 ¡£¡£¡£¡£¡£¡£¡£


²Î¿¼Á´½Ó


http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201905-1026