FortiADC & FortiDDoS-F - Buffer overflows in CLI commands

Summary

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC & FortiDDoS-F may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.

Version Affected Solution
FortiDDoS-F 6.5 6.5.0 Upgrade to 6.5.1 or above
FortiDDoS-F 6.4 6.4.0 through 6.4.1 Upgrade to 6.4.2 or above
FortiDDoS-F 6.3 6.3 all versions Migrate to a fixed release
FortiDDoS-F 6.2 6.2 all versions Migrate to a fixed release
FortiDDoS-F 6.1 6.1.0 through 6.1.4
FortiADC 7.2 7.2.0 Upgrade to 7.2.1 or above
FortiADC 7.1 7.1.0 through 7.1.2 Upgrade to 7.1.3 or above
FortiADC 7.0 7.0 all versions Migrate to a fixed release
FortiADC 6.2 6.2 all versions Migrate to a fixed release
FortiADC 6.1 6.1 all versions Migrate to a fixed release
FortiADC 6.0 6.0 all versions Migrate to a fixed release
FortiADC 5.4 5.4 all versions Migrate to a fixed release
FortiADC 5.3 5.3 all versions Migrate to a fixed release
FortiADC 5.2 5.2 all versions Migrate to a fixed release

Acknowledgement

Internally discovered and reported by Théo Leleu of Fortinet Product Security team.

Timeline

2023-11-02: Initial publication