The United States Computer Readiness Team (US-CERT) has issued an alert regarding a security advisory by Fortinet to highlight a vulnerability in versions of FortiGate firmware that were released before August 2012.
Cookie Parser Buffer Overflow Vulnerability
According to Fortinet, FortiGate firmware (FOS) released before Aug 2012 contains a buffer overflow in its cookie parser. A crafted HTTP request that triggers the overflow can allow an attacker to take control of execution on the device. Fortinet rates the risk level as high (4); the affected products are listed below.
FortiGate (FOS):
4.3.8 and below
4.2.12 and below
4.1.10 and below
The affected versions are all earlier releases in the 4.x firmware line. FOS 5.x firmware is not affected, according to Fortinet.
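A quick way to triage a firewall inventory against the version ranges in this advisory is to compare parsed version tuples against the highest affected release in each 4.x branch. The script below is an added example written for this article; it is not Fortinet's or US-CERT's code. The thresholds (4.3.8, 4.2.12, 4.1.10, and 5.x unaffected) come from the advisory text above; the version-string formats it accepts, the hostnames and the inventory list are constructed assumptions, and a 4.x branch the advisory does not enumerate (for example 4.0.x) is flagged as "unlisted" for manual review rather than guessed at.

```python
"""Triage FortiOS (FOS) version strings against the cookie parser
advisory: 4.3.8 and below, 4.2.12 and below, 4.1.10 and below are
affected; 5.x is not.  Added example, not Fortinet's or US-CERT's code."""

# Highest affected release per 4.x branch, taken from the advisory text.
AFFECTED_MAX = {
    (4, 3): (4, 3, 8),
    (4, 2): (4, 2, 12),
    (4, 1): (4, 1, 10),
}


def parse_version(text: str) -> tuple:
    """Parse strings such as '4.3.8' or 'v4.3.8,build0521' into (4, 3, 8).

    The accepted formats are an assumption for this example: an optional
    leading 'v', then MAJOR.MINOR.PATCH, optionally followed by a comma- or
    dash-separated build suffix that is ignored.
    """
    core = text.strip().lstrip("vV").split(",")[0].split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(text: str) -> str:
    """Return 'affected', 'not affected' or 'unlisted' for one version string."""
    version = parse_version(text)
    if version[0] >= 5:
        # FOS 5.x firmware is not affected, per the advisory.
        return "not affected"
    branch = version[:2]
    if branch in AFFECTED_MAX:
        # Tuple comparison is numeric, so 4.3.10 correctly sorts above 4.3.8.
        return "affected" if version <= AFFECTED_MAX[branch] else "not affected"
    # A 4.x branch the advisory does not enumerate (e.g. 4.0.x): do not guess.
    return "unlisted"


def triage(inventory) -> dict:
    """Map each (hostname, version_string) pair in an inventory to its status."""
    return {host: assess(ver) for host, ver in inventory}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = [
        ("fw-edge-1", "v4.3.8,build0521"),
        ("fw-edge-2", "4.3.9"),
        ("fw-dc-1", "4.2.12"),
        ("fw-lab", "5.0.1"),
        ("fw-old", "4.0.5"),
    ]
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Anything reported as "affected" should be upgraded to a release above the listed threshold for its branch; "unlisted" entries need a manual check against the vendor's advisory rather than an assumption either way.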
Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. Using unpatched software increases risks from viruses and other security threats, and attackers may target vulnerabilities for months or even years after patches are available, said US-CERT.