Question 1

What is CVE-2019-15705?

Accepted Answer

CVE-2019-15705 is a high-severity software vulnerability (Improper input validation) with a CVSS score of 7.5. An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request.

Question 2

Is CVE-2019-15705 being actively exploited?

Accepted Answer

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 1%.

Question 3

What products does CVE-2019-15705 affect?

Accepted Answer

Tracked products affected include Fortinet FortiOS. Check the version you run to see whether it is affected.

Question 4

How do I fix CVE-2019-15705?

Accepted Answer

Apply the vendor fix promptly. Upgrade affected products to a fixed version.

CVE-2019-15705

Summary

Impact & exploitability

Affected products we track (1)

Recommendation

Additional information