CVE-2020-12819

A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode is enabled. Arbitrary code execution may be theoretically possible, albeit practically very difficult to achieve in this context

Published: Dec 19, 2024
Updated: May 4, 2025
CVE: CVE-2020-12819
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
fortinet / fortios	6.2.0	6.2.5
fortinet / fortios	6.0.0	6.0.11
fortinet / fortios	6.4.0	6.4.2
fortinet / fortios	-	5.6.13

https://fortiguard.com/advisory/FG-IR-20-082

Vulnerability Database

289,871

CVE-2020-12819