Buffer overflow in administrative interface
Summary
A stack-based buffer overflow [CWE-121] vulnerability in the FortiOS administrative interface may allow a privileged attacker to execute arbitrary code or commands via crafted HTTP or HTTPS requests.
Version | Affected | Solution |
---|---|---|
FortiOS 7.4 | 7.4.0 through 7.4.1 | Upgrade to 7.4.2 or above |
FortiOS 7.2 | 7.2.1 through 7.2.7 | Upgrade to 7.2.8 or above |
Acknowledgement
Internally discovered and reported by Théo Leleu of the Fortinet Product Security team.
Timeline
2024-05-14: Initial publication
2024-06-19: Fix affected versions