CVE-2021-42757

CWE-120 — Classic Buffer Overflow CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 77.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiadc Fortinet Fortianalyzer Fortinet Fortiddos +13 more

Timeline

PublishedDec 8

Latest updateDec 9

Description

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages27 packages

▶CVEListV5fortinet/fortios6.0.0 — 6.0.13+7

▶NVDfortinet/fortios5.0.0 — 6.0.13+3

▶NVDfortinet/fortios-6k7k6.2.8+2

▶CVEListV5fortinet/fortiadc6.1.0 — 6.1.5+7

▶CVEListV5fortinet/fortindr1.5.0 — 1.5.2+4

🔴Vulnerability Details

GHSA

GHSA-8xwq-gmgr-vq48: A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6↗2021-12-09

▶

CVEList

CVE-2021-42757: A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6↗2021-12-08

▶

📋Vendor Advisories

Fortinet

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allo...↗2021-12-08

▶

External resources

NVD MITRE

Affected products16

Fortinet Fortiadc≥ 6.1.0, ≤ 6.1.5≥ 6.0.0, ≤ 6.0.4≥ 5.4.0, ≤ 5.4.5+6 more

Fortinet Fortianalyzer≥ 6.4.0, ≤ 6.4.7≥ 6.2.0, ≤ 6.2.13≥ 7.0.0, ≤ 7.0.2+2 more

Fortinet Fortiddos≥ 5.5.0, ≤ 5.5.1≥ 5.4.0, ≤ 5.4.3≥ 5.3.0, ≤ 5.3.2+7 more

Fortinet Fortiddos-f≥ 6.4.0, ≤ 6.4.1≥ 6.2.0, ≤ 6.2.2≥ 6.1.0, ≤ 6.1.4+1 more

Fortinet Fortimail≥ 6.2.0, ≤ 6.2.7≥ 6.0.0, ≤ 6.0.12≥ 7.0.0, ≤ 7.0.2+3 more

Fortinet Fortimanager≥ 6.4.0, ≤ 6.4.7≥ 6.2.0, ≤ 6.2.13≥ 7.0.0, ≤ 7.0.2+2 more

Fortinet Fortindr≥ 1.5.0, ≤ 1.5.2≥ 1.3.0, ≤ 1.3.1≥ 1.1.0, ≤ 1.5.2+3 more

Fortinet Fortios≥ 6.0.0, ≤ 6.0.13≥ 5.6.0, ≤ 5.6.14≥ 5.4.0, ≤ 5.4.13+6 more

Fortinet Fortios-6k7k≤ 6.2.8v6.4.2v6.4.6

Fortinet Fortiportal≥ 6.0.0, ≤ 6.0.10≥ 5.3.0, ≤ 5.3.8≥ 5.2.0, ≤ 5.2.6+3 more

Disclosure

PublishedDec 8, 2021

Latest updateDec 9, 2021