Stack-based buffer overflows via crafted CLI commands
Summary
A buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability [CWE-120] in FortiAnalyzer, FortiManager, FortiOS and FortiProxy may allow a privileged attacker to execute arbitrary code or command via crafted CLI execute restore image
and execute certificate remote
operations with the TFTP protocol.
Affected Products
FortiManager version 5.6.0 through 5.6.11
FortiManager version 6.0.0 through 6.0.11
FortiManager version 6.2.0 through 6.2.9
FortiManager version 6.4.0 through 6.4.7
FortiManager version 7.0.0 through 7.0.2
FortiAnalyzer version 5.6.0 through 5.6.11
FortiAnalyzer version 6.0.0 through 6.0.11
FortiAnalyzer version 6.2.0 through 6.2.9
FortiAnalyzer version 6.4.0 through 6.4.7
FortiAnalyzer version 7.0.0 through 7.0.2
FortiOS version 6.0.0 through 6.0.14
FortiOS version 6.2.0 through 6.2.10
FortiOS version 6.4.0 through 6.4.8
FortiOS version 7.0.0 through 7.0.5
FortiProxy version 1.0.0 through 1.0.7
FortiProxy version 1.1.0 through 1.1.6
FortiProxy version 1.2.0 through 1.2.13
FortiProxy version 2.0.0 through 2.0.8
FortiProxy version 7.0.0 through 7.0.3
Solutions
Please upgrade to FortiAnalyzer version 7.0.3 or above
Please upgrade to FortiAnalyzer version 6.4.8 or above
Please upgrade to FortiManager version 7.0.3 or above
Please upgrade to FortiManager version 6.4.8 or above
Please upgrade to FortiOS version 7.2.0 or above
Please upgrade to FortiOS version 7.0.6 or above
Please upgrade to FortiProxy version 7.0.4 or above
Please upgrade to FortiProxy version 2.0.9 or above
Acknowledgement
Internally discovered and reported by Mattia Fecit and Théo Leleu of Fortinet Product Security Team.Timeline
2022-07-05: Initial publication