Stack-based buffer overflows in diagnostic CLI commands Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-179 Final 1 1 2022-07-05T00:00:00 Current version 2022-07-05T00:00:00 2022-07-05T00:00:00 A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS and FortiProxy may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments. None Execute unauthorized code or commands FortiProxy version 1.0.0 through 1.0.7FortiProxy version 1.1.0 through 1.1.6FortiProxy version 1.2.0 through 1.2.13FortiProxy version 2.0.0 through 2.0.7FortiOS version 6.0.0 through 6.0.14FortiOS version 6.2.0 through 6.2.10FortiOS version 6.4.0 through 6.4.8FortiOS version 7.0.0 through 7.0.2 Upgrade to FortiOS version 7.0.4 or above.Upgrade to FortiOS version 6.4.9 or above.Upgrade to FortiOS version 6.2.11 or above.Upgrade to FortiProxy version 2.0.8 or above. Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team. CVE-2021-44170 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-179 Stack-based buffer overflows in diagnostic CLI commands Reference>