CVE-2020-12819 Information

Description

A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12 6.0.10 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet when tunnel mode is enabled. Arbitrary code execution may be theoretically possible albeit practically very difficult to achieve in this context

Reference

https://fortiguard.com/advisory/FG-IR-20-082