CVE-2019-17656
CVE-2019-17656 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. EPSS estimates a 1.57% chance of exploitation in the next 30 days.
Description
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortiproxy | >= 1.0.0, < 1.2.10 |
| Fortinet | Fortiproxy | >= 2.0.0, < 2.0.2 |
| Fortinet | Fortios | <= 6.0.10 |
| Fortinet | Fortios | >= 6.2.0, <= 6.2.2 |
References
- https://fortiguard.com/advisory/FG-IR-19-248 (Vendor Advisory)
- https://fortiguard.com/advisory/FG-IR-21-007 (Vendor Advisory)
Source: NVD / NIST