środa, 25 października 2017

Patch your Fortinet - CVE-2017-14182

Few weeks ago during some pentest I found that tested Fortinet-appliance is sometime restarting... I wasn't sure about the reason so I decided to contact directly with the Fortinet's PSIRT. Patch is ready so below you will find few details about it. Enjoy...

TL;DR ;]

The problematic request found during pentest:

Here you will find another one (copy/paste from Burp's 'fuzzing session' from Intruder):

As a response (btw: you can also find this information in the Fortinet's logs in webapp) should be similar to the one presented below:

As far as I know, for this bug we are reserving CVE-2017-14182.

I would like to thank Fortinet PSIRT for the great cooperation under responsible disclosure.


Brak komentarzy:

Prześlij komentarz