Vulnerabilities related to fortinet - fortios-6k7k
cve-2023-27997
Vulnerability from cvelistv5
Published
2023-06-13 08:41
Modified
2024-10-23 13:18
Summary
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
References
Impacted products
Vendor | Product | Version
---|---|---
Fortinet | FortiOS-6K7K | 7.0.10, 7.0.5, 6.4.12, 6.4.10, 6.4.8, 6.4.6, 6.4.2, 6.2.9 ≤ 6.2.13, 6.2.6 ≤ 6.2.7, 6.2.4, 6.0.12 ≤ 6.0.16, 6.0.10
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:23:30.864Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-23-097", tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-23-097", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-27997", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T13:18:08.089433Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-06-13", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-27997", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2024-10-23T13:18:14.745Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "FortiOS-6K7K", vendor: "Fortinet", versions: [ { status: "affected", version: "7.0.10", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "6.4.12", }, { status: "affected", version: "6.4.10", }, { status: "affected", version: "6.4.8", }, { status: "affected", version: "6.4.6", }, { status: "affected", version: "6.4.2", }, { lessThanOrEqual: "6.2.13", status: "affected", version: "6.2.9", versionType: "semver", }, { lessThanOrEqual: "6.2.7", status: "affected", version: "6.2.6", versionType: "semver", }, { status: "affected", version: "6.2.4", }, { lessThanOrEqual: "6.0.16", status: "affected", version: "6.0.12", versionType: "semver", }, { status: "affected", version: "6.0.10", }, ], }, { defaultStatus: "unaffected", product: "FortiProxy", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.2.3", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.9", status: "affected", version: "7.0.0", 
versionType: "semver", }, { lessThanOrEqual: "2.0.12", status: "affected", version: "2.0.0", versionType: "semver", }, { lessThanOrEqual: "1.2.13", status: "affected", version: "1.2.0", versionType: "semver", }, { lessThanOrEqual: "1.1.6", status: "affected", version: "1.1.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.2.4", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.11", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.12", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.13", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.16", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.2, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:R", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-13T08:41:47.415Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, 
references: [ { name: "https://fortiguard.com/psirt/FG-IR-23-097", url: "https://fortiguard.com/psirt/FG-IR-23-097", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiOS-6K7K version 7.0.12 or above\r\nPlease upgrade to FortiOS-6K7K version 6.4.13 or above\r\nPlease upgrade to FortiOS-6K7K version 6.2.15 or above\r\nPlease upgrade to FortiOS-6K7K version 6.0.17 or above\r\nPlease upgrade to FortiProxy version 7.2.4 or above\r\nPlease upgrade to FortiProxy version 7.0.10 or above\r\nPlease upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.5 or above\r\nPlease upgrade to FortiOS version 7.0.12 or above\r\nPlease upgrade to FortiOS version 6.4.13 or above\r\nPlease upgrade to FortiOS version 6.2.14 or above\r\nPlease upgrade to FortiOS version 6.0.17 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2023-27997", datePublished: "2023-06-13T08:41:47.415Z", dateReserved: "2023-03-09T10:09:33.119Z", dateUpdated: "2024-10-23T13:18:14.745Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42757
Vulnerability from cvelistv5
Published
2021-12-08 11:01
Modified
2024-08-04 03:38
Summary
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
References
URL | Tags
---|---
https://fortiguard.com/advisory/FG-IR-21-173 | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
Fortinet | Fortinet FortiOS | FortiOS before 6.4.7, FortiOS 7.0.0 through 7.0.2
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:38:50.116Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://fortiguard.com/advisory/FG-IR-21-173", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Fortinet FortiOS", vendor: "Fortinet", versions: [ { status: "affected", version: "FortiOS before 6.4.7, FortiOS 7.0.0 through 7.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "PROOF_OF_CONCEPT", integrityImpact: "HIGH", privilegesRequired: "HIGH", remediationLevel: "UNAVAILABLE", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.3, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Execute unauthorized code or commands", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-08T11:01:11", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://fortiguard.com/advisory/FG-IR-21-173", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@fortinet.com", ID: "CVE-2021-42757", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Fortinet FortiOS", version: { version_data: [ { version_value: "FortiOS before 6.4.7, FortiOS 7.0.0 through 7.0.2", }, ], }, }, ], }, 
vendor_name: "Fortinet", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.", }, ], }, impact: { cvss: { attackComplexity: "Low", attackVector: "Local", availabilityImpact: "High", baseScore: 6.3, baseSeverity: "Medium", confidentialityImpact: "High", integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", userInteraction: "None", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Execute unauthorized code or commands", }, ], }, ], }, references: { reference_data: [ { name: "https://fortiguard.com/advisory/FG-IR-21-173", refsource: "CONFIRM", url: "https://fortiguard.com/advisory/FG-IR-21-173", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2021-42757", datePublished: "2021-12-08T11:01:11", dateReserved: "2021-10-20T00:00:00", dateUpdated: "2024-08-04T03:38:50.116Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-202112-0338
Vulnerability from variot
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. The affected system may also be put into a denial-of-service (DoS) state.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0338", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortios-6k7k", scope: "lte", trust: 1, vendor: "fortinet", version: "6.2.8", }, { model: "fortios", scope: "gte", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortiswitch", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.9", }, { model: "fortianalyzer", 
scope: "gte", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortiadc", scope: "lte", trust: 1, vendor: "fortinet", version: "6.1.5", }, { model: "fortios", scope: "lte", trust: 1, vendor: "fortinet", version: "6.0.13", }, { model: "fortindr", scope: "gte", trust: 1, vendor: "fortinet", version: "1.1.0", }, { model: "fortios-6k7k", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.6", }, { model: "fortiadc", scope: "gte", trust: 1, vendor: "fortinet", version: "6.2.0", }, { model: "fortios-6k7k", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.2", }, { model: "fortivoice", scope: "gte", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortiweb", scope: "lte", trust: 1, vendor: "fortinet", version: "6.3.16", }, { model: "fortiadc", scope: "lte", trust: 1, vendor: "fortinet", version: "6.2.2", }, { model: "fortiweb", scope: "gte", trust: 1, vendor: "fortinet", version: "5.0.0", }, { model: "fortirecorder", scope: "gte", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortimanager", scope: "gte", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortimail", scope: "lte", trust: 1, vendor: "fortinet", version: "6.2.7", }, { model: "fortiadc", scope: "gte", trust: 1, vendor: "fortinet", version: "5.0.0", }, { model: "fortimail", scope: "gte", trust: 1, vendor: "fortinet", version: "5.4.0", }, { model: "fortios", scope: "lte", trust: 1, vendor: "fortinet", version: "6.2.9", }, { model: "fortivoice", scope: "gte", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortios", scope: "gte", trust: 1, vendor: "fortinet", version: "6.2.0", }, { model: "fortirecorder", scope: "gte", trust: 1, vendor: "fortinet", version: "2.6.0", }, { model: "fortirecorder", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.2", }, { model: "fortimail", scope: "gte", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortivoice", scope: "lte", trust: 1, vendor: "fortinet", version: "6.0.10", }, { model: 
"fortiswitch", scope: "gte", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortiproxy", scope: "lte", trust: 1, vendor: "fortinet", version: "2.0.7", }, { model: "fortiportal", scope: "gte", trust: 1, vendor: "fortinet", version: "5.0.0", }, { model: "fortimanager", scope: "lte", trust: 1, vendor: "fortinet", version: "7.0.2", }, { model: "fortios", scope: "gte", trust: 1, vendor: "fortinet", version: "5.0.0", }, { model: "fortiswitch", scope: "lte", trust: 1, vendor: "fortinet", version: "7.0.3", }, { model: "fortiproxy", scope: "gte", trust: 1, vendor: "fortinet", version: "1.0.0", }, { model: "fortios", scope: "gte", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortiproxy", scope: "eq", trust: 1, vendor: "fortinet", version: "7.0.1", }, { model: "fortiportal", scope: "lte", trust: 1, vendor: "fortinet", version: "6.0.10", }, { model: "fortimail", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.6", }, { model: "fortimanager", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.7", }, { model: "fortianalyzer", scope: "gte", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortimanager", scope: "gte", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortindr", scope: "lte", trust: 1, vendor: "fortinet", version: "1.5.2", }, { model: "fortirecorder", scope: "lte", trust: 1, vendor: "fortinet", version: "6.0.10", }, { model: "fortios", scope: "lte", trust: 1, vendor: "fortinet", version: "7.0.2", }, { model: "fortianalyzer", scope: "lte", trust: 1, vendor: "fortinet", version: "7.0.2", }, { model: "fortiproxy", scope: "eq", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortimail", scope: "gte", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortios", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.7", }, { model: "fortiswitch", scope: "gte", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortianalyzer", scope: "lte", trust: 1, vendor: 
"fortinet", version: "6.4.7", }, { model: "fortivoice", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.4", }, { model: "fortiweb", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.1", }, { model: "fortiweb", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortimail", scope: "lte", trust: 1, vendor: "fortinet", version: "7.0.2", }, { model: "fortimanager", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortios", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortianalyzer", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortiweb", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016008", }, { db: "NVD", id: "CVE-2021-42757", }, ], }, cve: "CVE-2021-42757", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CVE-2021-42757", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.8, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "VULHUB", 
availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "VHN-403819", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:L/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, id: "CVE-2021-42757", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "OTHER", availabilityImpact: "High", baseScore: 6.7, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2021-016008", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-42757", trust: 1, value: "MEDIUM", }, { author: "psirt@fortinet.com", id: "CVE-2021-42757", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2021-42757", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202112-559", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-403819", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-403819", }, { db: "JVNDB", id: "JVNDB-2021-016008", }, { db: "CNNVD", id: "CNNVD-202112-559", }, { db: "NVD", id: "CVE-2021-42757", }, { db: "NVD", id: "CVE-2021-42757", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A buffer overflow [CWE-121] in the TFTP client 
library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2021-42757", }, { db: "JVNDB", id: "JVNDB-2021-016008", }, { db: "VULHUB", id: "VHN-403819", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-42757", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-016008", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202112-559", trust: 0.6, }, { db: "VULHUB", id: "VHN-403819", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-403819", }, { db: "JVNDB", id: "JVNDB-2021-016008", }, { db: "CNNVD", id: "CNNVD-202112-559", }, { db: "NVD", id: "CVE-2021-42757", }, ], }, id: "VAR-202112-0338", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-403819", }, ], trust: 0.36984128000000005, }, last_update_date: "2024-11-23T22:20:42.629000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-21-173", trust: 0.8, url: "https://www.fortiguard.com/psirt/FG-IR-21-173", }, { title: "Fortinet FortiOS Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173877", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016008", }, { db: "CNNVD", id: "CNNVD-202112-559", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Classic buffer overflow (CWE-120) [NVD evaluation ]", trust: 0.8, }, { problemtype: "CWE-120", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-403819", }, { db: "JVNDB", id: "JVNDB-2021-016008", }, { db: "NVD", id: "CVE-2021-42757", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://fortiguard.com/advisory/fg-ir-21-173", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-42757", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/fortios-buffer-overflow-via-tftp-client-library-37026", }, ], sources: [ { db: "VULHUB", id: "VHN-403819", }, { db: "JVNDB", id: "JVNDB-2021-016008", }, { db: "CNNVD", id: "CNNVD-202112-559", }, { db: "NVD", id: "CVE-2021-42757", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-403819", }, { db: "JVNDB", id: "JVNDB-2021-016008", }, { db: "CNNVD", id: "CNNVD-202112-559", }, { db: "NVD", id: "CVE-2021-42757", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-08T00:00:00", db: "VULHUB", id: "VHN-403819", }, { date: "2022-12-05T00:00:00", db: "JVNDB", id: "JVNDB-2021-016008", }, { date: "2021-12-07T00:00:00", db: "CNNVD", id: "CNNVD-202112-559", }, { date: "2021-12-08T11:15:11.840000", db: "NVD", id: "CVE-2021-42757", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-09T00:00:00", db: "VULHUB", id: 
"VHN-403819", }, { date: "2022-12-05T06:18:00", db: "JVNDB", id: "JVNDB-2021-016008", }, { date: "2021-12-13T00:00:00", db: "CNNVD", id: "CNNVD-202112-559", }, { date: "2024-11-21T06:28:06.653000", db: "NVD", id: "CVE-2021-42757", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202112-559", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "FortiOS of TFTP client library and FortiOS Classic buffer overflow vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2021-016008", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202112-559", }, ], trust: 0.6, }, }
Vulnerability from fkie_nvd
Published
2021-12-08 11:15
Modified
2024-11-21 06:28
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
References
Source | URL | Tags
---|---|---
psirt@fortinet.com | https://fortiguard.com/advisory/FG-IR-21-173 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/advisory/FG-IR-21-173 | Vendor Advisory
Impacted products
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortiadc | * | |
fortinet | fortiadc | * | |
fortinet | fortianalyzer | * | |
fortinet | fortianalyzer | * | |
fortinet | fortimail | * | |
fortinet | fortimail | * | |
fortinet | fortimail | * | |
fortinet | fortimanager | * | |
fortinet | fortimanager | * | |
fortinet | fortindr | * | |
fortinet | fortios-6k7k | * | |
fortinet | fortios-6k7k | 6.4.2 | |
fortinet | fortios-6k7k | 6.4.6 | |
fortinet | fortiportal | * | |
fortinet | fortiproxy | * | |
fortinet | fortiproxy | 7.0.0 | |
fortinet | fortiproxy | 7.0.1 | |
fortinet | fortivoice | * | |
fortinet | fortivoice | * | |
fortinet | fortiweb | * | |
fortinet | fortiweb | 6.4.0 | |
fortinet | fortiweb | 6.4.1 | |
fortinet | fortios | * | |
fortinet | fortios | * | |
fortinet | fortios | * | |
fortinet | fortios | * | |
fortinet | fortirecorder_firmware | * | |
fortinet | fortirecorder_firmware | * | |
fortinet | fortiswitch | * | |
fortinet | fortiswitch | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", matchCriteriaId: "D6DD5253-F76E-4799-BB45-79D7B7ACFFB1", versionEndIncluding: "6.1.5", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", matchCriteriaId: "075C4223-7586-4799-AFA8-7B578BD144B5", versionEndIncluding: "6.2.2", versionStartIncluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "CF9AE101-566A-4460-AA97-18288BBD7639", versionEndIncluding: "6.4.7", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "CCEB8E5F-BBF2-4E6E-91C6-AA47E2CAD022", versionEndIncluding: "7.0.2", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", matchCriteriaId: "3E2DC5CE-ED48-48B7-8654-7B29A65A7454", versionEndIncluding: "6.2.7", versionStartIncluding: "5.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", matchCriteriaId: "C0A5C345-7055-4F18-AE77-FF1DBE41AB89", versionEndIncluding: "6.4.6", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", matchCriteriaId: "43038EC9-6FD3-488C-8CA3-8B4A705C3E11", versionEndIncluding: "7.0.2", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", matchCriteriaId: "958C238F-B3DD-41A7-801D-0C39143A5E09", versionEndIncluding: "6.4.7", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", matchCriteriaId: "7C5772DB-7F52-479C-914D-778552395990", versionEndIncluding: "7.0.2", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*", matchCriteriaId: "F49E4A60-2FA0-4298-BF2E-53C86AF21BEC", versionEndIncluding: 
"1.5.2", versionStartIncluding: "1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortios-6k7k:*:*:*:*:*:*:*:*", matchCriteriaId: "BEE493CA-7BE8-454A-82FD-11DB82D8FC3A", versionEndIncluding: "6.2.8", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortios-6k7k:6.4.2:*:*:*:*:*:*:*", matchCriteriaId: "59BD8EE9-6F94-4EA5-B22B-1B446A15F2A1", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortios-6k7k:6.4.6:*:*:*:*:*:*:*", matchCriteriaId: "50BDB150-8E02-427D-A9FC-C7C3C90F0584", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4A0E2F-41C7-4AFB-AC6D-83E7B1A5FC70", versionEndIncluding: "6.0.10", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "CEBD9074-C3A5-437E-AC44-C41E4B001980", versionEndIncluding: "2.0.7", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D909C90B-E136-4E8E-B551-FE0369172C1E", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BBCB4E87-0AEC-487E-8FAD-E8F647DA21D5", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "70E9D9A8-EFF1-4ABE-A04D-FD983443DD3A", versionEndIncluding: "6.0.10", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "E8611A25-64A1-4BCE-AA46-E47DFD607CB2", versionEndIncluding: "6.4.4", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", matchCriteriaId: "1FEA2E8B-78B6-40AA-9201-BDF4838950CC", versionEndIncluding: "6.3.16", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*", matchCriteriaId: "74A92A08-E6F6-4522-A6DA-061950AD3525", vulnerable: true, }, { criteria: 
"cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A6A3D2C4-C3FA-4E12-9156-DAFEA4E00BCC", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "BE1C5491-6C94-48A9-8D59-5162E576E54A", versionEndIncluding: "6.0.13", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "C4C0308D-8E52-456B-BFC2-62D4C1E9BDC3", versionEndIncluding: "6.2.9", versionStartIncluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "D183D979-7F73-4D02-91B7-D0C93DE55A8F", versionEndIncluding: "6.4.7", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "F2E9D423-721A-482B-BA6B-52E4D8C07C58", versionEndIncluding: "7.0.2", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D3E33B56-1975-4B78-A157-E0EADB3BC1B7", versionEndIncluding: "6.0.10", versionStartIncluding: "2.6.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1CB7DEA7-E461-43B0-98EB-CE436DE87D98", versionEndIncluding: "6.4.2", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "C6E5A33E-F744-4CC0-ABA0-D1734845AFBB", versionEndIncluding: "6.4.9", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "BB3C99AC-DCA1-44A0-9671-F424109A6038", versionEndIncluding: "7.0.3", versionStartIncluding: "7.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local 
attacker to achieve arbitrary code execution via specially crafted command line arguments.", }, { lang: "es", value: "Un desbordamiento de búfer [CWE-121] en la biblioteca del cliente TFTP de FortiOS versiones anteriores a 6.4.7 y FortiOS versiones 7.0.0 hasta 7.0.2, puede permitir a un atacante local autenticado lograr una ejecución de código arbitrario por medio de argumentos de línea de comandos especialmente diseñados", }, ], id: "CVE-2021-42757", lastModified: "2024-11-21T06:28:06.653", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-08T11:15:11.840", references: [ { source: 
"psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/advisory/FG-IR-21-173", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/advisory/FG-IR-21-173", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }