Stack-based buffer overflow in command line interpreter

Summary

Multiple stack-based buffer overflows [CWE-121] in the command line interpreter of FortiWeb, FortiMail, FortiADC, FortiDDoS, FortiDDoS-F, FortiNDR, FortiRecorder, FortiVoiceEnterprise, FortiDDoS-CM and FortiFone may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.

Affected Products

FortiFone version 3.0.0 through 3.0.11
FortiWeb version 6.4.0 through 6.4.1
FortiWeb version 6.3.0 through 6.3.15
FortiMail version 7.0.0 through 7.0.2
FortiMail version 6.4.0 through 6.4.6
FortiMail version 6.2.0 through 6.2.8
FortiMail 6.0 all versions
FortiMail 5.4 all versions
FortiVoiceEnterprise version 6.4.0 through 6.4.4
FortiVoiceEnterprise version 6.0.0 through 6.0.10
FortiDDoS-F version 6.3.0
FortiDDoS-F version 6.2.0 through 6.2.2
FortiDDoS-F version 6.1.0 through 6.1.4
FortiADC version 7.0.0
FortiADC version 6.2.0 through 6.2.2
FortiADC version 6.1.0 through 6.1.6
FortiADC 6.0 all versions
FortiADC 5.4 all versions
FortiADC 5.3 all versions
FortiADC 5.2 all versions
FortiADC 5.1 all versions
FortiADC 5.0 all versions
FortiNDR 1.5 all versions
FortiNDR 1.4 all versions
FortiNDR 1.3 all versions
FortiNDR 1.2 all versions
FortiNDR 1.1 all versions
FortiDDoS-CM version 5.5.0 through 5.5.1
FortiDDoS-CM version 5.4.0 through 5.4.3
FortiDDoS-CM version 5.3.0 through 5.3.1
FortiDDoS-CM 5.2 all versions
FortiDDoS-CM 5.1 all versions
FortiDDoS-CM 5.0 all versions
FortiDDoS-CM 4.7 all versions
FortiRecorder version 6.4.0 through 6.4.2
FortiRecorder version 6.0.0 through 6.0.10
FortiRecorder 2.7 all versions
FortiRecorder 2.6 all versions
FortiDDoS version 5.7.0
FortiDDoS version 5.6.0 through 5.6.1
FortiDDoS version 5.5.0 through 5.5.1
FortiDDoS version 5.4.0 through 5.4.3
FortiDDoS version 5.3.0 through 5.3.2
FortiDDoS 5.2 all versions
FortiDDoS 5.1 all versions
FortiDDoS 5.0 all versions
FortiDDoS 4.7 all versions
FortiDDoS 4.6 all versions
FortiDDoS 4.5 all versions
FortiDDoS 4.4 all versions

Solutions

Please upgrade to FortiFone version 3.0.12 or above
Please upgrade to FortiWeb version 7.0.0 or above
Please upgrade to FortiWeb version 6.4.2 or above
Please upgrade to FortiWeb version 6.3.17 or above
Please upgrade to FortiWeb version 6.3.16 or above
Please upgrade to FortiWeb version 6.2.7 or above
Please upgrade to FortiRecorder version 7.0.0 or above
Please upgrade to FortiRecorder version 6.4.3 or above
Please upgrade to FortiRecorder version 6.0.11 or above
Please upgrade to FortiVoiceEnterprise version 6.4.5 or above
Please upgrade to FortiVoiceEnterprise version 6.0.11 or above
Please upgrade to FortiMail version 7.2.0 or above
Please upgrade to FortiMail version 7.0.3 or above
Please upgrade to FortiMail version 6.4.7 or above
Please upgrade to FortiMail version 6.2.9 or above
Please upgrade to FortiDDoS-F version 6.3.1 or above
Please upgrade to FortiDDoS-F version 6.2.3 or above
Please upgrade to FortiDDoS-F version 6.1.5 or above
Please upgrade to FortiADC version 7.0.1 or above
Please upgrade to FortiADC version 6.2.3 or above
Please upgrade to FortiADC version 6.1.7 or above
Please upgrade to FortiNDR version 7.0.0 or above
Please upgrade to FortiDDoS version 5.7.1 or above
Please upgrade to FortiDDoS version 5.6.2 or above
Please upgrade to FortiDDoS version 5.5.2 or above
Please upgrade to FortiDDoS version 5.4.3 or above
Please upgrade to FortiDDoS version 5.3.2 or above
Please upgrade to FortiDDoS-CM version 5.7.1 or above
Please upgrade to FortiDDoS-CM version 5.6.2 or above
Please upgrade to FortiDDoS-CM version 5.5.2 or above
Please upgrade to FortiDDoS-CM version 5.4.3 or above
Please upgrade to FortiDDoS-CM version 5.3.2 or above

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.