Vigil@nce - Fortinet FortiOS: multiple vulnerabilities of CAPWAP
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of CAPWAP of Fortinet
FortiOS.
Impacted products: FortiGate, FortiGate Virtual Appliance
Severity: 2/4
Creation date: 29/01/2015
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Fortinet FortiOS CAPWAP
(Control And Provisioning of Wireless Access Points).
An attacker can send numerous DTLS ClientHello packets, in order
to trigger a denial of service. [severity:2/4; CVE-2015-1452]
Key used for DTLS are constant, so an attacker can act as a
Man-In-The-Middle. However, Fortinet disputes this vulnerability.
[severity:1/4; CVE-2015-1571]
An attacker can trigger a Cross Site Scripting with a CAPWAP Join
packet, in order to execute JavaScript code in the context of the
web site. [severity:2/4; CVE-2015-1451]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Fortinet-FortiOS-multiple-vulnerabilities-of-CAPWAP-16081