A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
References
Link | Resource |
---|---|
https://fortiguard.com/advisory/FG-IR-21-173 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
18 Jan 2024, 15:48
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:* |
29 Aug 2023, 19:49
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:*:*:*:*:entreprise:*:*:* cpe:2.3:a:fortinet:fortios-6k7k:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortios-6k7k:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortios-6k7k:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:* |
|
First Time |
Fortinet fortiswitch
Fortinet fortirecorder Firmware Fortinet fortiportal Fortinet fortimail Fortinet fortios-6k7k Fortinet fortindr Fortinet fortiadc Fortinet fortiproxy Fortinet fortivoice |
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 |
09 Dec 2021, 17:41
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://fortiguard.com/advisory/FG-IR-21-173 - Vendor Advisory | |
CWE | CWE-120 | |
CPE | cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 6.7 |
08 Dec 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-08 11:15
Updated : 2024-01-18 15:48
NVD link : CVE-2021-42757
Mitre link : CVE-2021-42757
CVE.ORG link : CVE-2021-42757
JSON object : View
Products Affected
fortinet
- fortiportal
- fortios-6k7k
- fortiproxy
- fortindr
- fortivoice
- fortimail
- fortiadc
- fortiswitch
- fortios
- fortirecorder_firmware
- fortiweb
- fortianalyzer
- fortimanager
CWE
CWE-787
Out-of-bounds Write