CVE-2020-12819

CVE Database · CVE-2020-12819

CVE-2020-12819

· MEDIUMAnalyzed

CVSS v3.1

5.4

EPSS

0.76%

Published

Dec 19, 2024

Modified

Jan 21, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode is enabled. Arbitrary code execution may be theoretically possible, albeit practically very difficult to achieve in this context

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Weaknesses (CWE)

CWE-122CWE-787

Affected Products (4)

fortinet · fortios (up to 5.6.13)vulnerable

fortinet · fortios (up to 6.0.11)vulnerable

fortinet · fortios (up to 6.2.5)vulnerable

fortinet · fortios (up to 6.4.2)vulnerable

References (1)

https://fortiguard.com/advisory/FG-IR-20-082

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs