FortiOS - Buffer overflow in execute extender command

Summary

A stack-based buffer overflow vulnerability [CWE-121] in FortiOS may allow a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections.

Affected Products

FortiOS version 7.0.0 through 7.0.3 FortiOS 6.4.0 through 6.4.14 FortiOS 6.2 all versions

Solutions

Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.0 or above Please upgrade to FortiOS version 7.0.4 or above Please upgrade to the FortiOS upcoming version 6.4.15 or above

Timeline

2023-07-28: Initial publication