cve/2015/CVE-2015-2281.md

CVE-2015-2281

Description

Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000.

POC

Reference

• http://seclists.org/fulldisclosure/2015/Mar/111
• http://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow
• https://www.exploit-db.com/exploits/36422/

Github

• https://github.com/ARPSyndicate/cvemon