Heap-based Buffer Overflow in firmware signature verification
Summary
A heap-based buffer overflow [CWE-122] in the firmware signature verification function of FortiOS may allow an attacker to execute arbitrary code via specially crafted installation images.
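The advisory does not describe the flaw beyond its CWE class, and the FortiOS verifier code is not public. The following is an added, generic illustration of the weakness class (CWE-122) in an image-signature parser, not Fortinet code and not a reconstruction of the actual bug: a heap buffer is sized from a fixed constant while the copy length comes from an attacker-controlled header field. The image layout (4-byte little-endian signature length followed by the signature bytes), the MAX_SIG_LEN limit, and all function names are assumptions made for the example. Only the hardened variant is exercised by the helper; the vulnerable one is shown for contrast.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical image layout (assumed for this example, not FortiOS's format):
 * 4-byte little-endian declared signature length, then the signature bytes,
 * then the image body. MAX_SIG_LEN is the largest signature the verifier
 * is designed to handle. */
#define MAX_SIG_LEN 256

typedef struct {
    uint8_t *sig;
    uint32_t sig_len;
} sig_t;

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* CWE-122 pattern: the heap allocation is sized by a constant, the memcpy by
 * the length field read from the image. Any sig_len > MAX_SIG_LEN writes past
 * the end of the heap chunk. Shown for contrast; do not call on untrusted input. */
int extract_sig_vulnerable(const uint8_t *img, size_t img_len, sig_t *out) {
    if (img_len < 4) return -1;
    uint32_t sig_len = rd_le32(img);
    out->sig = malloc(MAX_SIG_LEN);
    if (!out->sig) return -1;
    memcpy(out->sig, img + 4, sig_len);   /* heap overflow when sig_len > MAX_SIG_LEN */
    out->sig_len = sig_len;
    return 0;
}

/* Hardened variant: validate the declared length against the supported maximum
 * and against the bytes actually present before allocating or copying. */
int extract_sig_hardened(const uint8_t *img, size_t img_len, sig_t *out) {
    if (img == NULL || out == NULL || img_len < 4) return -1;
    uint32_t sig_len = rd_le32(img);
    if (sig_len == 0 || sig_len > MAX_SIG_LEN) return -2;   /* outside supported range */
    if ((size_t)sig_len > img_len - 4) return -3;            /* truncated image */
    out->sig = malloc(sig_len);
    if (!out->sig) return -1;
    memcpy(out->sig, img + 4, sig_len);
    out->sig_len = sig_len;
    return 0;
}

/* Build a constructed test image: declared_len goes in the header, payload_len
 * filler bytes follow it. The two may disagree to simulate a crafted image. */
static size_t build_image(uint8_t *buf, size_t cap, uint32_t declared_len, size_t payload_len) {
    if (cap < 4 + payload_len) return 0;
    buf[0] = (uint8_t)(declared_len & 0xff);
    buf[1] = (uint8_t)((declared_len >> 8) & 0xff);
    buf[2] = (uint8_t)((declared_len >> 16) & 0xff);
    buf[3] = (uint8_t)((declared_len >> 24) & 0xff);
    memset(buf + 4, 0xA5, payload_len);
    return 4 + payload_len;
}

/* Run the hardened parser over a constructed image and return its result code:
 * 0 accepted, -2 declared length out of range, -3 declared length exceeds data. */
int hardened_result(uint32_t declared_len, size_t payload_len) {
    uint8_t buf[4096];
    sig_t s = {0};
    size_t n = build_image(buf, sizeof buf, declared_len, payload_len);
    if (n == 0) return -99;
    int rc = extract_sig_hardened(buf, n, &s);
    free(s.sig);
    return rc;
}

int main(void) {
    printf("well-formed 64/64      -> %d\n", hardened_result(64, 64));
    printf("oversized 4000/4000    -> %d\n", hardened_result(4000, 4000));
    printf("truncated 100/50       -> %d\n", hardened_result(100, 50));
    printf("zero-length 0/0        -> %d\n", hardened_result(0, 0));
    return 0;
}
```

The two checks in the hardened variant are independent: the first bounds the copy by what the verifier can hold, the second by what the image actually contains. A parser that does only the second still overflows when the allocation is fixed-size, and one that does only the first reads past the end of a truncated image.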
Affected Products
FortiGate E-series and F-series models released in 2019 and later (specifically: 40F, 60F, 200F, 400E, 600E, 1100E, 1800F, 2200E, 2600F, 3300E, 3400E, 3500F, 3600E and 7121F) that are running the following versions of FortiOS:
FortiOS version 7.0.1 and below.
FortiOS version 6.4.6 and below.
FortiOS version 6.2.9 and below.
FortiOS version 6.0.13 and below.
FortiOS-6K7K version 6.4.5 and below.
FortiOS-6K7K version 6.2.8 and below.
FortiOS-6K7K version 6.0.10 and below.
Solutions
Upgrade to FortiOS version 7.0.2 and above.
Upgrade to FortiOS version 6.4.7 and above.
Upgrade to FortiOS version 6.2.10 and above.
Upgrade to FortiOS version 6.0.14 and above.
Upgrade to FortiOS-6K7K version 6.4.6 and above.
Upgrade to FortiOS-6K7K version 6.2.9 and above.
Acknowledgement
Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.
Timeline
2021-12-07: Initial publication