FortiADC & FortiDDoS-F - Buffer overflows in CLI commands
Summary
Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC & FortiDDoS-F may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.
Version | Affected | Solution |
---|---|---|
FortiDDoS-F 6.5 | 6.5.0 | Upgrade to 6.5.1 or above |
FortiDDoS-F 6.4 | 6.4.0 through 6.4.1 | Upgrade to 6.4.2 or above |
FortiDDoS-F 6.3 | 6.3 all versions | Migrate to a fixed release |
FortiDDoS-F 6.2 | 6.2 all versions | Migrate to a fixed release |
FortiDDoS-F 6.1 | 6.1.0 through 6.1.4 | |
FortiADC 7.2 | 7.2.0 | Upgrade to 7.2.1 or above |
FortiADC 7.1 | 7.1.0 through 7.1.2 | Upgrade to 7.1.3 or above |
FortiADC 7.0 | 7.0 all versions | Migrate to a fixed release |
FortiADC 6.2 | 6.2 all versions | Migrate to a fixed release |
FortiADC 6.1 | 6.1 all versions | Migrate to a fixed release |
FortiADC 6.0 | 6.0 all versions | Migrate to a fixed release |
FortiADC 5.4 | 5.4 all versions | Migrate to a fixed release |
FortiADC 5.3 | 5.3 all versions | Migrate to a fixed release |
FortiADC 5.2 | 5.2 all versions | Migrate to a fixed release |