Vulnerability Details : CVE-2019-17656
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.
Vulnerability category: OverflowMemory Corruption
Products affected by CVE-2019-17656
- cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-17656
2.80%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 85 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-17656
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST | |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST | |
|
5.4
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
2.8
|
2.5
|
Fortinet, Inc. |
CWE ids for CVE-2019-17656
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-17656
-
https://fortiguard.com/advisory/FG-IR-19-248
FortiOS HTTPD is vulnerable to a Stack-based Buffer Overflow vulnerability | FortiGuardVendor Advisory
-
https://fortiguard.com/advisory/FG-IR-21-007
Vendor Advisory
Jump to