PSIRTBuffer overflow in TFTP client library of CLI
Summary
A buffer overflow [CWE-121] in the TFTP client library of FortiOS, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
| Version | Affected | Solution |
|---|---|---|
| FortiADC 7.0 | Not affected | Not Applicable |
| FortiADC 6.2 | 6.2.0 through 6.2.2 | Upgrade to 6.2.3 or above |
| FortiADC 6.1 | 6.1.0 through 6.1.5 | Upgrade to 6.1.6 or above |
| FortiADC 6.0 | 6.0 all versions | Migrate to a fixed release |
| FortiADC 5.4 | 5.4 all versions | Migrate to a fixed release |
| FortiADC 5.3 | 5.3 all versions | Migrate to a fixed release |
| FortiADC 5.2 | 5.2 all versions | Migrate to a fixed release |
| FortiADC 5.1 | 5.1 all versions | Migrate to a fixed release |
| FortiADC 5.0 | 5.0 all versions | Migrate to a fixed release |
| FortiAnalyzer 7.0 | 7.0.0 through 7.0.2 | Upgrade to 7.0.3 or above |
| FortiAnalyzer 6.4 | 6.4.0 through 6.4.7 | Upgrade to 6.4.8 or above |
| FortiAnalyzer 6.2 | 6.2 all versions | Migrate to a fixed release |
| FortiAnalyzer 6.0 | 6.0 all versions | Migrate to a fixed release |
| FortiDDoS 5.6 | Not affected | Not Applicable |
| FortiDDoS 5.5 | 5.5.0 through 5.5.1 | Upgrade to 5.5.2 or above |
| FortiDDoS 5.4 | 5.4 all versions | Migrate to a fixed release |
| FortiDDoS 5.3 | 5.3 all versions | Migrate to a fixed release |
| FortiDDoS 5.2 | 5.2 all versions | Migrate to a fixed release |
| FortiDDoS 5.1 | 5.1 all versions | Migrate to a fixed release |
| FortiDDoS 5.0 | 5.0 all versions | Migrate to a fixed release |
| FortiDDoS 4.7 | 4.7 all versions | Migrate to a fixed release |
| FortiDDoS 4.6 | 4.6 all versions | Migrate to a fixed release |
| FortiDDoS 4.5 | 4.5 all versions | Migrate to a fixed release |
| FortiDDoS 4.4 | 4.4 all versions | Migrate to a fixed release |
| FortiDDoS-F 6.4 | 6.4.0 through 6.4.1 | Upgrade to 6.4.2 or above |
| FortiDDoS-F 6.3 | 6.3.0 | Upgrade to 6.3.1 or above |
| FortiDDoS-F 6.2 | 6.2.0 through 6.2.2 | Upgrade to 6.2.3 or above |
| FortiDDoS-F 6.1 | 6.1.0 through 6.1.4 | Upgrade to 6.1.5 or above |
| FortiMail 7.2 | Not affected | Not Applicable |
| FortiMail 7.0 | 7.0.0 through 7.0.2 | Upgrade to 7.0.3 or above |
| FortiMail 6.4 | 6.4.0 through 6.4.6 | Upgrade to 6.4.7 or above |
| FortiMail 6.2 | 6.2.0 through 6.2.7 | Migrate to a fixed release |
| FortiMail 6.0 | 6.0 all versions | Migrate to a fixed release |
| FortiMail 5.4 | 5.4 all versions | Migrate to a fixed release |
| FortiManager 7.0 | 7.0.0 through 7.0.2 | Upgrade to 7.0.3 or above |
| FortiManager 6.4 | 6.4.0 through 6.4.7 | Upgrade to 6.4.8 or above |
| FortiManager 6.2 | 6.2 all versions | Migrate to a fixed release |
| FortiManager 6.0 | 6.0 all versions | Migrate to a fixed release |
| FortiNDR 7.0 | Not affected | Not Applicable |
| FortiNDR 1.5 | 1.5.0 through 1.5.2 | Migrate to a fixed release |
| FortiNDR 1.4 | 1.4 all versions | Migrate to a fixed release |
| FortiNDR 1.3 | 1.3 all versions | Migrate to a fixed release |
| FortiNDR 1.2 | 1.2 all versions | Migrate to a fixed release |
| FortiNDR 1.1 | 1.1 all versions | Migrate to a fixed release |
| FortiOS 7.0 | 7.0.0 through 7.0.2 | Upgrade to 7.0.3 or above |
| FortiOS 6.4 | 6.4.0 through 6.4.7 | Upgrade to 6.4.8 or above |
| FortiOS 6.2 | 6.2.0 through 6.2.9 | Upgrade to 6.2.10 or above |
| FortiOS 6.0 | 6.0.0 through 6.0.13 | Upgrade to 6.0.14 or above |
| FortiOS 5.6 | 5.6 all versions | Migrate to a fixed release |
| FortiOS 5.4 | 5.4 all versions | Migrate to a fixed release |
| FortiOS 5.2 | 5.2 all versions | Migrate to a fixed release |
| FortiOS 5.0 | 5.0 all versions | Migrate to a fixed release |
| FortiOS-6K7K 6.4 | 6.4.6 | Upgrade to 6.4.8 or above |
| FortiOS-6K7K 6.4 | 6.4.2 | Upgrade to 6.4.8 or above |
| FortiOS-6K7K 6.2 | 6.2.6 through 6.2.7 | Upgrade to 6.2.9 or above |
| FortiOS-6K7K 6.2 | 6.2.4 | Upgrade to 6.2.9 or above |
| FortiOS-6K7K 6.0 | 6.0.12 through 6.0.17 | Migrate to a fixed release |
| FortiOS-6K7K 6.0 | 6.0.10 | Migrate to a fixed release |
| FortiPortal 6.0 | 6.0.0 through 6.0.10 | Upgrade to 6.0.11 or above |
| FortiPortal 5.3 | 5.3 all versions | Migrate to a fixed release |
| FortiPortal 5.2 | 5.2 all versions | Migrate to a fixed release |
| FortiPortal 5.1 | 5.1 all versions | Migrate to a fixed release |
| FortiPortal 5.0 | 5.0 all versions | Migrate to a fixed release |
| FortiProxy 7.0 | 7.0.0 through 7.0.1 | Upgrade to 7.0.2 or above |
| FortiProxy 2.0 | 2.0.0 through 2.0.7 | Upgrade to 2.0.8 or above |
| FortiProxy 1.2 | 1.2 all versions | Migrate to a fixed release |
| FortiProxy 1.1 | 1.1 all versions | Migrate to a fixed release |
| FortiProxy 1.0 | 1.0 all versions | Migrate to a fixed release |
| FortiRecorder 7.0 | Not affected | Not Applicable |
| FortiRecorder 6.4 | 6.4.0 through 6.4.2 | Upgrade to 6.4.3 or above |
| FortiRecorder 6.0 | 6.0.0 through 6.0.10 | Upgrade to 6.0.11 or above |
| FortiRecorder 2.7 | 2.7.0 through 2.7.7 | Upgrade to 2.7.8 or above |
| FortiRecorder 2.6 | 2.6 all versions | Migrate to a fixed release |
| FortiSwitch 7.2 | Not affected | Not Applicable |
| FortiSwitch 7.0 | 7.0.0 through 7.0.3 | Upgrade to 7.0.4 or above |
| FortiSwitch 6.4 | 6.4.0 through 6.4.9 | Upgrade to 6.4.10 or above |
| FortiSwitch 6.2 | 6.2.0 through 6.2.7 | Migrate to a fixed release |
| FortiSwitch 6.0 | 6.0 all versions | Migrate to a fixed release |
| FortiVoice 6.4 | 6.4.0 through 6.4.4 | Upgrade to 6.4.5 or above |
| FortiVoice 6.0 | 6.0.0 through 6.0.10 | Upgrade to 6.0.11 or above |
| FortiWeb 7.0 | Not affected | Not Applicable |
| FortiWeb 6.4 | 6.4.0 through 6.4.1 | Upgrade to 6.4.2 or above |
| FortiWeb 6.3 | 6.3.0 through 6.3.16 | Upgrade to 6.3.17 or above |
| FortiWeb 6.2 | 6.2 all versions | Migrate to a fixed release |
| FortiWeb 6.1 | 6.1 all versions | Migrate to a fixed release |
| FortiWeb 6.0 | 6.0 all versions | Migrate to a fixed release |
| FortiWeb 5.9 | 5.9 all versions | Migrate to a fixed release |
| FortiWeb 5.8 | 5.8 all versions | Migrate to a fixed release |
| FortiWeb 5.7 | 5.7 all versions | Migrate to a fixed release |
| FortiWeb 5.6 | 5.6 all versions | Migrate to a fixed release |
| FortiWeb 5.5 | 5.5 all versions | Migrate to a fixed release |
| FortiWeb 5.4 | 5.4 all versions | Migrate to a fixed release |
| FortiWeb 5.3 | 5.3 all versions | Migrate to a fixed release |
| FortiWeb 5.2 | 5.2 all versions | Migrate to a fixed release |
| FortiWeb 5.1 | 5.1 all versions | Migrate to a fixed release |
| FortiWeb 5.0 | 5.0 all versions | Migrate to a fixed release |
Acknowledgement
Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.
Timeline
2021-12-07: Initial publication