CVE-2020-12820: 
FortiOS vulnerability analysis and mitigation

A stack-based buffer overflow vulnerability (CVE-2020-12820) was discovered in FortiOS versions 6.0.10 and below, as well as version 5.6.12 and below. The vulnerability affects the FortiClient NAC daemon (fcnacd) in the SSL VPN component under non-default configuration. This security issue was reported by Communications Security Establishment Canada (CSEC) and was officially published on September 24, 2020 (Fortiguard PSIRT).

The vulnerability is a stack-based buffer overflow that occurs in the processing of FortiClient filename names requested by SSL VPN clients from the web portal. The issue has been assigned a CVSSv3 score of 5.4, indicating medium severity. The vulnerability specifically affects the FortiClient NAC daemon (fcnacd) when both Fortiheartbeat and Endpoint-Compliance are enabled on the same interface (Fortiguard PSIRT).

When successfully exploited, this vulnerability could allow an authenticated remote attacker to crash the FortiClient NAC daemon (fcnacd). Additionally, there is a potential for arbitrary code execution, although no proof of concept code has been confirmed to achieve this outcome (Fortiguard PSIRT).

Fortinet has released patches to address this vulnerability. Users are advised to upgrade to FortiOS versions 5.6.13 or above for the 5.6 branch, or FortiOS versions 6.0.11 or above for the 6.0 branch. FortiOS versions 6.2.0 and above, as well as 6.4.0 and above, are not impacted. As a workaround, users can disable either Fortiheartbeat or Endpoint-Compliance on the affected interface using CLI commands (Fortiguard PSIRT).