FortiAnalyzer/FortiManager/FortiOS/FortiProxy - stack-based buffer overflow via crafted CLI execute command
Summary
A buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability [CWE-120] in FortiAnalyzer, FortiManager, FortiOS and FortiProxy may allow a privileged attacker to execute arbitrary code or commands via crafted CLI `execute certificate remote`, `execute vpn certificate remote` and `execute restore image` operations with the TFTP protocol.
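The bug class named above, shown as an added example that is not Fortinet's code and does not reproduce the affected firmware: a hypothetical handler for a TFTP-backed CLI operation copies its file-name and server operands into fixed-size stack buffers. The unchecked version is the CWE-120 pattern (copy first, never compare lengths); the checked version measures the operand against the buffer and rejects anything that does not fit, rather than truncating it, since a silently shortened file name or server address would make the command act on the wrong target. Buffer sizes, function names and the sample operands are all assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical buffer sizes for the file-name and server operands of a CLI
 * command such as `execute restore image tftp <file> <server>`. The sizes and
 * function names are invented for this example; the real firmware is not shown. */
#define TFTP_FILENAME_MAX 64
#define TFTP_SERVER_MAX   64

/* Vulnerable pattern (CWE-120): each operand is copied into a fixed-size stack
 * buffer without comparing its length to the buffer. An operand longer than the
 * buffer overwrites whatever sits next to it on the stack. Kept here only for
 * contrast with the checked handler below; nothing in this example calls it. */
int handle_restore_image_unchecked(const char *filename, const char *server)
{
    char fname[TFTP_FILENAME_MAX];
    char srv[TFTP_SERVER_MAX];

    strcpy(fname, filename);   /* no bound check */
    strcpy(srv, server);       /* no bound check */
    printf("fetching %s from %s\n", fname, srv);
    return 0;
}

/* Length of s, but never scans past max bytes (a portable strnlen). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Bounded copy that refuses over-long (or empty) input instead of truncating.
 * Returns 0 on success, -1 when src does not fit in dst with its terminator. */
static int copy_operand_checked(char *dst, size_t dstsz, const char *src)
{
    size_t n = bounded_len(src, dstsz);
    if (n == 0 || n >= dstsz)     /* empty, or no room left for the NUL */
        return -1;
    memcpy(dst, src, n + 1);      /* n + 1 includes the NUL and is <= dstsz */
    return 0;
}

/* Hardened handler: returns 0 when both operands fit, -1 when either is
 * rejected. The stack buffers are never written with more than they hold. */
int handle_restore_image_checked(const char *filename, const char *server)
{
    char fname[TFTP_FILENAME_MAX];
    char srv[TFTP_SERVER_MAX];

    if (copy_operand_checked(fname, sizeof fname, filename) != 0)
        return -1;
    if (copy_operand_checked(srv, sizeof srv, server) != 0)
        return -1;
    printf("fetching %s from %s\n", fname, srv);
    return 0;
}

int main(void)
{
    /* Constructed sample operand: 199 'A's, well past the 64-byte buffer. */
    char longname[200];
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    printf("short operand: %d\n", handle_restore_image_checked("image.out", "10.0.0.1"));
    printf("long operand:  %d\n", handle_restore_image_checked(longname, "10.0.0.1"));
    return 0;
}
```

The boundary that matters is the terminator: a 63-byte operand is the longest that fits a 64-byte buffer, and the checked handler rejects 64 bytes and up, which is exactly the input the unchecked handler would write past the end of `fname`.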
Affected Products
FortiManager version 5.6.0 through 5.6.11
FortiManager version 6.0.0 through 6.0.11
FortiManager version 6.2.0 through 6.2.9
FortiManager version 6.4.0 through 6.4.7
FortiManager version 7.0.0 through 7.0.2
FortiAnalyzer version 5.6.0 through 5.6.11
FortiAnalyzer version 6.0.0 through 6.0.11
FortiAnalyzer version 6.2.0 through 6.2.9
FortiAnalyzer version 6.4.0 through 6.4.7
FortiAnalyzer version 7.0.0 through 7.0.2
FortiOS version 6.0.0 through 6.0.14
FortiOS version 6.2.0 through 6.2.10
FortiOS version 6.4.0 through 6.4.8
FortiOS version 7.0.0 through 7.0.5
FortiProxy version 1.0.0 through 1.0.7
FortiProxy version 1.1.0 through 1.1.6
FortiProxy version 1.2.0 through 1.2.13
FortiProxy version 2.0.0 through 2.0.8
FortiProxy version 7.0.0 through 7.0.3
Solutions
Please upgrade to FortiManager version 7.0.3 or above
Please upgrade to FortiManager version 6.4.8 or above
Please upgrade to FortiAnalyzer version 7.0.3 or above
Please upgrade to FortiAnalyzer version 6.4.8 or above
Please upgrade to FortiOS version 7.2.0 or above
Please upgrade to FortiOS version 7.0.6 or above
Please upgrade to FortiOS version 6.4.9 or above
Please upgrade to FortiOS version 6.2.11 or above
Please upgrade to FortiProxy version 7.0.4 or above
Please upgrade to FortiProxy version 2.0.9 or above