virus logo PSIRT

Stack buffer overflow in CLI command

Summary

A stack-based buffer overflow vulnerability [CWE-121] in FortiManager, FortiAnalyzer and FortiAnalyzer-BigData CLI may allow a privileged attacker to execute unauthorized code or commands via crafted CLI requests.

Version Affected Solution
FortiAnalyzer 7.4 7.4.0 through 7.4.2 Upgrade to 7.4.3 or above
FortiAnalyzer 7.2 7.2.0 through 7.2.5 Upgrade to 7.2.6 or above
FortiAnalyzer 7.0 7.0 all versions Migrate to a fixed release
FortiAnalyzer 6.4 6.4 all versions Migrate to a fixed release
FortiAnalyzer 6.2 6.2 all versions Migrate to a fixed release
FortiAnalyzer-BigData 7.4 7.4.0 Upgrade to 7.4.1 or above
FortiAnalyzer-BigData 7.2 7.2.0 though 7.2.7 Upgrade to 7.2.8 or above
FortiAnalyzer-BigData 7.0 7.0 all versions Migrate to a fixed release
FortiAnalyzer-BigData 6.4 6.4 all versions Migrate to a fixed release
FortiAnalyzer-BigData 6.2 6.2 all versions Migrate to a fixed release
FortiManager 7.4 7.4.0 through 7.4.2 Upgrade to 7.4.3 or above
FortiManager 7.2 7.2.0 through 7.2.5 Upgrade to 7.2.6 or above
FortiManager 7.0 7.0 all versions Migrate to a fixed release
FortiManager 6.4 6.4 all versions Migrate to a fixed release
FortiManager 6.2 6.2 all versions Migrate to a fixed release

Acknowledgement

Internally discovered and reported by Théo Leleu of Fortinet Product Security team.

Timeline

2024-11-12: Initial publication
IR Number FG-IR-24-098
Published Date Nov 12, 2024
Component CLI
Severity Medium
Discovered Internal
Attack Type Authenticated
Known Exploited No
CVSSv3 Score 6.3
Impact Execute unauthorized code or commands
CVE ID
Download

CVRF

CSAF