<?xml version="1.0" encoding="UTF-8"?>
<cvrf:cvrfdoc xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:cvrf-common="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/common" xmlns:cvrf="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf">
    <!-- Document header: advisory title, document type, and the issuing party.
         Type="Vendor" marks the publisher as the vendor of the affected products. -->
    <cvrf:DocumentTitle>Stack-based buffer overflow in command line interpreter</cvrf:DocumentTitle>
    <cvrf:DocumentType>Fortinet PSIRT Advisories</cvrf:DocumentType>
    <cvrf:DocumentPublisher Type="Vendor">
        <!-- Free-text contact block; its line breaks and indentation are part of the element's text. -->
        <cvrf:ContactDetails>
            Fortinet PSIRT Contact:
            Website: https://fortiguard.fortinet.com/faq/psirt-contact
        </cvrf:ContactDetails>
     </cvrf:DocumentPublisher>
    <!-- Tracking metadata: advisory ID, status, version, revision history and release dates.
         Only one revision is recorded, and the initial and current release dates coincide.
         NOTE(review): the timestamps carry no UTC offset or "Z" designator, so consumers
         should not assume a time zone; confirm with the publisher. -->
    <cvrf:DocumentTracking>
        <cvrf:Identification>
            <cvrf:ID>FG-IR-21-132</cvrf:ID>
        </cvrf:Identification>
        <cvrf:Status>Final</cvrf:Status>
        <cvrf:Version>1</cvrf:Version>
        <cvrf:RevisionHistory>
            <cvrf:Revision>
                <cvrf:Number>1</cvrf:Number>
                <cvrf:Date>2022-02-01T00:00:00</cvrf:Date>
                <cvrf:Description>Current version</cvrf:Description>
            </cvrf:Revision>
        </cvrf:RevisionHistory>
        <cvrf:InitialReleaseDate>2022-02-01T00:00:00</cvrf:InitialReleaseDate>
        <cvrf:CurrentReleaseDate>2022-02-01T00:00:00</cvrf:CurrentReleaseDate>
    </cvrf:DocumentTracking>
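    <!-- Human-readable advisory notes, in reading order (Ordinal 1 to 5).
         The "Affected Products" and "Solutions" notes list one entry per line; the entries
         were previously concatenated with no separator, which made version boundaries
         ambiguous to read and to parse. No entry text has been changed. -->
    <cvrf:DocumentNotes>
        <cvrf:Note Title="Summary" Type="Summary" Ordinal="1">
            Multiple stack-based buffer overflows [CWE-121] in the command line interpreter of FortiWeb, FortiMail, FortiADC, FortiDDoS, FortiDDoS-F, FortiNDR, FortiRecorder, FortiVoiceEnterprise, FortiDDoS-CM and FortiFone may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.
        </cvrf:Note>
        <cvrf:Note Title="Description" Type="General" Ordinal="2">
            None
        </cvrf:Note>
        <cvrf:Note Title="Impact" Type="General" Ordinal="3">
            Execute unauthorized code or commands
        </cvrf:Note>
        <!-- NOTE(review): compare this list with the "Solutions" note before scoping a patch.
             Three releases appear both as the last affected version and as the first fixed
             version (FortiDDoS 5.4.3, FortiDDoS 5.3.2, FortiDDoS-CM 5.4.3); treat them as
             affected until the vendor advisory page clarifies. Some fixed branches listed in
             "Solutions" (FortiWeb 6.2, FortiDDoS-CM 5.6 and 5.7) have no matching entry here. -->
        <cvrf:Note Title="Affected Products" Type="General" Ordinal="4">
            FortiFone version 3.0.0 through 3.0.11
            FortiWeb version 6.4.0 through 6.4.1
            FortiWeb version 6.3.0 through 6.3.15
            FortiMail version 7.0.0 through 7.0.2
            FortiMail version 6.4.0 through 6.4.6
            FortiMail version 6.2.0 through 6.2.8
            FortiMail 6.0 all versions
            FortiMail 5.4 all versions
            FortiVoiceEnterprise version 6.4.0 through 6.4.4
            FortiVoiceEnterprise version 6.0.0 through 6.0.10
            FortiDDoS-F version 6.3.0
            FortiDDoS-F version 6.2.0 through 6.2.2
            FortiDDoS-F version 6.1.0 through 6.1.4
            FortiADC version 7.0.0
            FortiADC version 6.2.0 through 6.2.2
            FortiADC version 6.1.0 through 6.1.6
            FortiADC 6.0 all versions
            FortiADC 5.4 all versions
            FortiADC 5.3 all versions
            FortiADC 5.2 all versions
            FortiADC 5.1 all versions
            FortiADC 5.0 all versions
            FortiNDR 1.5 all versions
            FortiNDR 1.4 all versions
            FortiNDR 1.3 all versions
            FortiNDR 1.2 all versions
            FortiNDR 1.1 all versions
            FortiDDoS-CM version 5.5.0 through 5.5.1
            FortiDDoS-CM version 5.4.0 through 5.4.3
            FortiDDoS-CM version 5.3.0 through 5.3.1
            FortiDDoS-CM 5.2 all versions
            FortiDDoS-CM 5.1 all versions
            FortiDDoS-CM 5.0 all versions
            FortiDDoS-CM 4.7 all versions
            FortiRecorder version 6.4.0 through 6.4.2
            FortiRecorder version 6.0.0 through 6.0.10
            FortiRecorder 2.7 all versions
            FortiRecorder 2.6 all versions
            FortiDDoS version 5.7.0
            FortiDDoS version 5.6.0 through 5.6.1
            FortiDDoS version 5.5.0 through 5.5.1
            FortiDDoS version 5.4.0 through 5.4.3
            FortiDDoS version 5.3.0 through 5.3.2
            FortiDDoS 5.2 all versions
            FortiDDoS 5.1 all versions
            FortiDDoS 5.0 all versions
            FortiDDoS 4.7 all versions
            FortiDDoS 4.6 all versions
            FortiDDoS 4.5 all versions
            FortiDDoS 4.4 all versions
        </cvrf:Note>
        <!-- Fixed releases, one per line. Branches marked "all versions" in the affected list
             have no in-branch fix here; for those, the nearest listed release of the same
             product is the upgrade target. -->
        <cvrf:Note Title="Solutions" Type="General" Ordinal="5">
            Please upgrade to FortiFone version 3.0.12 or above
            Please upgrade to FortiWeb version 7.0.0 or above
            Please upgrade to FortiWeb version 6.4.2 or above
            Please upgrade to FortiWeb version 6.3.17 or above
            Please upgrade to FortiWeb version 6.3.16 or above
            Please upgrade to FortiWeb version 6.2.7 or above
            Please upgrade to FortiRecorder version 7.0.0 or above
            Please upgrade to FortiRecorder version 6.4.3 or above
            Please upgrade to FortiRecorder version 6.0.11 or above
            Please upgrade to FortiVoiceEnterprise version 6.4.5 or above
            Please upgrade to FortiVoiceEnterprise version 6.0.11 or above
            Please upgrade to FortiMail version 7.2.0 or above
            Please upgrade to FortiMail version 7.0.3 or above
            Please upgrade to FortiMail version 6.4.7 or above
            Please upgrade to FortiMail version 6.2.9 or above
            Please upgrade to FortiDDoS-F version 6.3.1 or above
            Please upgrade to FortiDDoS-F version 6.2.3 or above
            Please upgrade to FortiDDoS-F version 6.1.5 or above
            Please upgrade to FortiADC version 7.0.1 or above
            Please upgrade to FortiADC version 6.2.3 or above
            Please upgrade to FortiADC version 6.1.7 or above
            Please upgrade to FortiNDR version 7.0.0 or above
            Please upgrade to FortiDDoS version 5.7.1 or above
            Please upgrade to FortiDDoS version 5.6.2 or above
            Please upgrade to FortiDDoS version 5.5.2 or above
            Please upgrade to FortiDDoS version 5.4.3 or above
            Please upgrade to FortiDDoS version 5.3.2 or above
            Please upgrade to FortiDDoS-CM version 5.7.1 or above
            Please upgrade to FortiDDoS-CM version 5.6.2 or above
            Please upgrade to FortiDDoS-CM version 5.5.2 or above
            Please upgrade to FortiDDoS-CM version 5.4.3 or above
            Please upgrade to FortiDDoS-CM version 5.3.2 or above
        </cvrf:Note>
    </cvrf:DocumentNotes>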
    <!-- Credit for the finding. The description states it was discovered and reported
         internally by the vendor's own product security team. -->
    <cvrf:Acknowledgments>
        <cvrf:Acknowledgment>
            <cvrf:Description>Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.</cvrf:Description>
        </cvrf:Acknowledgment>
    </cvrf:Acknowledgments>
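    <!-- Vulnerability record for CVE-2021-36193: title, CVSS v3 score set, and a
         self-reference to the vendor advisory page.
         NOTE(review): Vulnerability and most of its children are unprefixed and no default
         namespace is declared, so they are in no namespace, while CVE uses the cvrf prefix.
         CVRF 1.2 places vulnerability content in its own "vuln" namespace, so a
         schema-validating consumer may reject this section; confirm what the feed's
         consumers expect before changing element names. -->
    <Vulnerability Ordinal="1">
        <Title>Stack-based buffer overflow in command line interpreter</Title>
        <cvrf:CVE>CVE-2021-36193</cvrf:CVE>
        <!-- The vector carries temporal metrics (E:P/RL:U/RC:C). Its base metrics alone
             score 7.8 under CVSS v3.1; 7.4 is that value after the temporal multipliers,
             so BaseScoreV3 here holds the temporal score. Recompute from the vector when
             a true base score is needed for prioritisation.
             AV:L and PR:L agree with the summary: an authenticated attacker issuing
             commands to the command line interpreter. -->
        <CVSSScoreSets>
            <ScoreSetV3>
                <BaseScoreV3>7.4</BaseScoreV3>
                <VectorV3>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C</VectorV3>
            </ScoreSetV3>
        </CVSSScoreSets>
        <References Type="Self">
            <!-- A stray "Reference>" text fragment that followed the closing tag was removed;
                 it was parsed as character data inside References. -->
            <Reference>
                <URL>https://fortiguard.fortinet.com/psirt/FG-IR-21-132</URL>
                <Description>Stack-based buffer overflow in command line interpreter</Description>
            </Reference>
        </References>
    </Vulnerability>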
</cvrf:cvrfdoc>