CVE-2020-12820
published 2024-12-19
high 8.8 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | forticlient | — | — |
| fortinet | fortios | < 5.6.13 | 5.6.13 |
| fortinet | fortios | — | — |
| fortinet | fortios | 5.6.0 – 5.6.12 | — |
| fortinet | fortios | >= 6.0.0 < 6.0.11 | 6.0.11 |
| fortinet | fortios | 6.0.0 – 6.0.10 | — |