PSIRT Advisories

FortiOS - Buffer overflow in TFTP client library of CLI

Summary

A buffer overflow [CWE-121] in the TFTP client library of FortiOS, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

Affected Products

FortiOS versions 6.0.13 and below,
FortiOS versions 6.2.9 and below,
FortiOS versions 6.4.7 and below,
FortiOS versions 7.0.2 and below.

FortiOS-6K7K 6.4.6 and 6.4.2.
FortiOS-6K7K 6.2.8 and below.


FortiWeb version 5.9.1 and below.
FortiWeb version 6.0.7 and below.
FortiWeb version 6.1.2 and below.
FortiWeb version 6.2.6 and below.
FortiWeb version 6.3.16 and below.
FortiWeb versions 6.4.1 and 6.4.0

Solutions

Upgrade to FortiOS 7.0.3 or above,
Upgrade to FortiOS 6.4.8 or above,
Upgrade to FortiOS 6.2.10 or above,
Upgrade to FortiOS 6.0.14 or above.

Upgrade to FortiOS-6K7K 6.2.9 or above.


Upgrade to FortiWeb 6.4.2 or above,
Upgrade to FortiWeb 6.3.17 or above,

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.