{"id":3235,"date":"2022-12-15T15:46:26","date_gmt":"2022-12-15T20:46:26","guid":{"rendered":"https:\/\/cert.pa\/?p=3235"},"modified":"2022-12-15T15:46:26","modified_gmt":"2022-12-15T20:46:26","slug":"csirt-panama-aviso-2022-12-15-vulnerabilidad-en-fortios-heap-based-buffer-overflow-en-sslvpnd","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=3235","title":{"rendered":"CSIRT Panam\u00e1 Advisory 2022-12-15 Vulnerability in FortiOS &#8211; heap-based buffer overflow in sslvpnd"},"content":{"rendered":"\n<p><strong>CSIRT Panam\u00e1 Advisory 2022-12-15 Vulnerability in FortiOS &#8211; heap-based buffer overflow in sslvpnd<\/strong><\/p>\n\n\n\n<p>Severity: High<br>Publication date: December 14, 2022<br>Last revised: December 14, 2022<br>Website: https:\/\/www.fortiguard.com\/<br><strong>Affected Systems:<\/strong><\/p>\n\n\n\n<p>FortiOS version 7.2.0 to 7.2.2<br>FortiOS version 7.0.0 to 7.0.8<br>FortiOS version 6.4.0 to 6.4.10<br>FortiOS version 6.2.0 to 6.2.11<br>FortiOS version 6.0.0 to 6.0.15<br>FortiOS version 5.6.0 to 5.6.14<br>FortiOS version 5.4.0 to 5.4.13<br>FortiOS version 5.2.0 to 5.2.15<br>FortiOS version 5.0.0 to 5.0.14<br>FortiOS-6K7K version 7.0.0 to 7.0.7<br>FortiOS-6K7K version 6.4.0 to 6.4.9<br>FortiOS-6K7K version 6.2.0 to 6.2.11<br>FortiOS-6K7K version 6.0.0 to 6.0.14<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li><strong>Description<\/strong><\/li><\/ol>\n\n\n\n<p>A <strong>heap-based buffer overflow<\/strong> vulnerability in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.<\/p>\n\n\n\n<p>Fortinet is aware of one instance in which this vulnerability was exploited and recommends immediately validating your systems against the following indicators of compromise:<\/p>\n\n\n\n<p>Multiple log entries with:<\/p>\n\n\n\n<p>Logdesc=&quot;Application crashed&quot; and msg=&quot;[&#8230;] application:sslvpnd,[&#8230;], Signal 11 received, Backtrace: [&#8230;]&quot;<\/p>\n\n\n\n<p>Presence of the following artifacts in the file system:<\/p>\n\n\n\n<p><code>\/data\/lib\/libips.bak<\/code><br><code>\/data\/lib\/libgif.so<\/code><br><code>\/data\/lib\/libiptcp.so<\/code><br><code>\/data\/lib\/libipudp.so<\/code><br><code>\/data\/lib\/libjepg.so<\/code><br><code>\/var\/.sslvpnconfigbk<\/code><br><code>\/data\/etc\/wxd.conf<\/code><br><code>\/flash<\/code><\/p>\n\n\n\n<p>Connections to suspicious IP addresses from the FortiGate:<\/p>\n\n\n\n<p><code>188.34.130.40:444<\/code><br><code>103.131.189.143:30080,30081,30443,20443<\/code><br><code>192.36.119.61:8443,444<\/code><br><code>172.247.168.153:8033<\/code><\/p>\n\n\n\n<p><strong>2. Reference to solutions, tools and information<\/strong><\/p>\n\n\n\n<p>Upgrade to FortiGate version 7.2.3, 7.0.9, 6.4.11 or 6.2.12 or later.<\/p>\n\n\n\n<p><strong>Sources:<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-22-398\">https:\/\/www.fortiguard.com\/psirt\/FG-IR-22-398<\/a><\/p>\n\n\n\n<p><strong>Contact information<\/strong><br>CSIRT PANAMA<br>Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental<br>E-Mail: info@cert.pa<br>Phone: +507 520-2378<br>Web: https:\/\/cert.pa<br>Twitter: @CSIRTPanama<br>Key ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CSIRT Panam\u00e1 Advisory 2022-12-15 Vulnerability in FortiOS &#8211; heap-based buffer overflow in sslvpnd Severity: High Publication date: December 14, 2022 Last revised: December 14, 2022 Website: https:\/\/www.fortiguard.com\/ Affected Systems: FortiOS version 7.2.0 to 7.2.2 FortiOS version 7.0.0 to&#8230;<\/p>\n","protected":false},"author":4,"featured_media":1020,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-3235","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3235","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3235"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3235\/revisions"}],"predecessor-version":[{"id":3236,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3235\/revisions\/3236"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/1020"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3235"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3235"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3235"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}