PSIRT Advisory

FortiGate Vulnerabilities in FortiManager Service

Description

A temporary denial of service condition can be created by sending a specially crafted request to the FortiManager protocol service in FortiOS versions 5.0.0 to 5.0.7 and FortiOS versions 4.3.15 and lower. Code execution has not been demonstrated, but may be possible under certain conditions. (CVE-2014-0352)
In addition, an attacker in a privileged network position may be able to perform a man-in-the-middle attack on FortiManager protocol communications through the use of an anonymous cipher suite. (CVE-2014-0351)

2014-08-19, Version 1: Initial Advisory for CVE-2014-2216.
2014-09-08, Version 2: Added CVE-2014-0351. CVE-2014-2216 has been renumbered to CVE-2014-0352 to match CERT-CC advisory.

Impact

Denial of Service

Affected Products

FortiOS 5.0.0 to 5.0.7, FortiOS 4.3.15 and lower.

Solutions

Upgrade to FortiOS 4.3.16, 5.0.8, or 5.2.0.
These vulnerabilities can also be mitigated by disabling FGFM-Access on the interface, or blocking traffic for TCP port 541 with a local-in policy.
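
To find devices that still need the upgrade or the interface mitigation, the following added example (not Fortinet code) checks a FortiOS version against the affected ranges above and lists the interfaces in a configuration backup that have FGFM access enabled. It assumes the backup uses the usual `config system interface` / `set allowaccess` text layout with `fgfm` as the access keyword; the function names and the sample configuration are constructed for illustration, and local-in policies are not evaluated.

```python
import re

def is_affected(version):
    """True for the advisory's ranges: 5.0.0 to 5.0.7, and 4.3.15 and lower."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised FortiOS version: {version!r}")
    v = tuple(int(p) for p in m.groups())
    return v <= (4, 3, 15) or (5, 0, 0) <= v <= (5, 0, 7)

def interfaces_with_fgfm(config_text):
    """Names of interfaces whose 'set allowaccess' list includes fgfm."""
    exposed, depth, in_section, name = [], 0, False, None
    for line in config_text.splitlines():
        words = line.split() or [""]
        if words[0] == "config":
            depth += 1
            if depth == 1:  # top-level block: is it the interface table?
                in_section = words[1:] == ["system", "interface"]
        elif words[0] == "end":
            depth -= 1
        elif in_section and depth == 1 and words[0] == "edit":
            name = words[1].strip('"')
        elif in_section and depth == 1 and words[:2] == ["set", "allowaccess"]:
            if "fgfm" in words[2:]:
                exposed.append(name)
    return exposed

def exposure(version, config_text):
    """Interfaces with FGFM access enabled on an affected version, else []."""
    return interfaces_with_fgfm(config_text) if is_affected(version) else []

# Constructed sample in the style of 'show system interface' output.
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set allowaccess ping https fgfm
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "internal"
        set allowaccess ping https ssh
    next
end
"""

if __name__ == "__main__":
    print(exposure("5.0.7", SAMPLE_CONFIG))
```

An empty result for an affected version means FGFM access is off on every interface in the backup; a non-empty one lists where to remove `fgfm` or apply a local-in policy for TCP port 541 until the upgrade is done.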

Acknowledgement

Gregor Kopf (Recurity Labs)