CVE-2021-42757

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2 may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
References
Configurations

Configuration 1

OR
cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortios-6k7k:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortios-6k7k:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortios-6k7k:6.4.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:28

Type : References
Values Removed : https://fortiguard.com/advisory/FG-IR-21-173 - Vendor Advisory
Values Added : https://fortiguard.com/advisory/FG-IR-21-173 - Vendor Advisory

18 Jan 2024, 15:48

Type : CPE
Values Removed : cpe:2.3:a:fortinet:fortivoice:*:*:*:*:entreprise:*:*:*
Values Added : cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*

Information

Published : 2021-12-08 11:15

Updated : 2024-11-21 06:28


NVD link : CVE-2021-42757

Mitre link : CVE-2021-42757

CVE.ORG link : CVE-2021-42757



Products Affected

fortinet

  • fortimanager
  • fortios
  • fortiswitch
  • fortiadc
  • fortivoice
  • fortiproxy
  • fortindr
  • fortianalyzer
  • fortios-6k7k
  • fortirecorder_firmware
  • fortiweb
  • fortimail
  • fortiportal
CWE
CWE-787

Out-of-bounds Write