CVE-2015-2281

Fortinet Single Sign ON - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textdoswindows

https://www.exploit-db.com/exploits/36422

View Code ZIP pw:eip

References (8)

[Exploit] http://seclists.org/fulldisclosure/2015/Mar/111

[Exploit] http://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow

[Vendor Advisory] http://www.fortiguard.com/advisory/FG-IR-15-006/

[Third Party Advisory, VDB Entry] http://www.osvdb.org/119719

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/534918/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/73206

[Vendor Advisory] http://www.fortiguard.com/advisory/2015-02-27-fsso-stack-based-buffer-overflow

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/36422/

Scores

EPSS 0.3162

EPSS Percentile 96.7%

Classification

CWE

CWE-119

Status draft

Affected Products (1)

fortinet/single_sign_on

Timeline

Published Mar 19, 2015

Tracked Since Feb 18, 2026