cve-2021-42757
Vulnerability from cvelistv5
Published
2021-12-08 11:01
Modified
2024-08-04 03:38
Severity
Summary
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
References
Source | URL | Tags |
---|---|---|
psirt@fortinet.com | https://fortiguard.com/advisory/FG-IR-21-173 | Vendor Advisory |
Impacted products
Vendor | Product |
---|---|
Fortinet | Fortinet FortiOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:38:50.116Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/advisory/FG-IR-21-173" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Fortinet FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiOS before 6.4.7, FortiOS 7.0.0 through 7.0.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "remediationLevel": "UNAVAILABLE", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.3, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Execute unauthorized code or commands", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-08T11:01:11", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/advisory/FG-IR-21-173" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2021-42757", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiOS", "version": { "version_data": [ { "version_value": "FortiOS before 6.4.7, FortiOS 7.0.0 through 7.0.2" } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "High", "baseScore": 6.3, "baseSeverity": "Medium", "confidentialityImpact": "High", "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Execute unauthorized code or commands" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/advisory/FG-IR-21-173", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-21-173" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-42757", "datePublished": "2021-12-08T11:01:11", "dateReserved": "2021-10-20T00:00:00", "dateUpdated": "2024-08-04T03:38:50.116Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-42757\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2021-12-08T11:15:11.840\",\"lastModified\":\"2024-01-18T15:48:06.043\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer [CWE-121] en la biblioteca del cliente TFTP de FortiOS versiones anteriores a 6.4.7 y FortiOS versiones 7.0.0 hasta 7.0.2, puede permitir a un atacante local autenticado lograr una ejecuci\u00f3n de c\u00f3digo arbitrario por medio de argumentos de l\u00ednea de comandos especialmente dise\u00f1ados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9},{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.6},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndIncluding\":\"6.1.5\",\"matchCriteriaId\":\"D6DD5253-F76E-4799-BB45-79D7B7ACFFB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndIncluding\":\"6.2.2\",\"matchCriteriaId\":\"075C4223-7586-4799-AFA8-7B578BD144B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.4.7\",\"matchCriteriaId\":\"CF9AE101-566A-4460-AA97-18288BBD7639\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.2\",\"matchCriteriaId\":\"CCEB8E5F-BBF2-4E6E-91C6-AA47E2CAD022\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.0\",\"versionEndIncluding\":\"6.2.7\",\"matchCriteriaId\":\"3E2DC5CE-ED48-48B7-8654-7B29A65A7454\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0\",\"versionEndIncluding\":\"6.4.6\",\"matchCriteriaId\":\"C0A5C345-7055-4F18-AE77-FF1DBE41AB89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.2\",\"matchCriteriaId\":\"43038EC9-6FD3-488C-8CA3-8B4A705C3E11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.4.7\",\"matchCriteriaId\":\"958C238F-B3DD-41A7-801D-0C39143A5E09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.2\",\"matchCriteriaId\":\"7C5772DB-7F52-479C-914D-778552395990\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.1.0\",\"versionEndIncluding\":\"1.5.2\",\"matchCriteriaId\":\"F49E4A60-2FA0-4298-BF2E-53C86AF21BEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortios-6k7k:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.2.8\",\"matchCriteriaId\":\"BEE493CA-7BE8-454A-82FD-11DB82D8FC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortios-6k7k:6.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59BD8EE9-6F94-4EA5-B22B-1B446A15F2A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortios-6k7k:6.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50BDB150-8E02-427D-A9FC-C7C3C90F0584\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndIncluding\":\"6.0.10\",\"matchCriteriaId\":\"9D4A0E2F-41C7-4AFB-AC6D-83E7B1A5FC70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndIncluding\":\"2.0.7\",\"matchCriteriaId\":\"CEBD9074-C3A5-437E-AC44-C41E4B001980\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D909C90B-E136-4E8E-B551-FE0369172C1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBCB4E87-0AEC-487E-8FAD-E8F647DA21D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.0.10\",\"matchCriteriaId\":\"70E9D9A8-EFF1-4ABE-A04D-FD983443DD3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0\",\"versionEndIncluding\":\"6.4.4\",\"matchCriteriaId\":\"E8611A25-64A1-4BCE-AA46-E47DFD607CB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndIncluding\":\"6.3.16\",\"matchCriteriaId\":\"1FEA2E8B-78B6-40AA-9201-BDF4838950CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74A92A08-E6F6-4522-A6DA-061950AD3525\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6A3D2C4-C3FA-4E12-9156-DAFEA4E00BCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndIncluding\":\"6.0.13\",\"matchCriteriaId\":\"BE1C5491-6C94-48A9-8D59-5162E576E54A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndIncluding\":\"6.2.9\",\"matchCriteriaId\":\"C4C0308D-8E52-456B-BFC2-62D4C1E9BDC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0\",\"versionEndIncluding\":\"6.4.7\",\"matchCriteriaId\":\"D183D979-7F73-4D02-91B7-D0C93DE55A8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.2\",\"matchCriteriaId\":\"F2E9D423-721A-482B-BA6B-52E4D8C07C58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.0\",\"versionEndIncluding\":\"6.0.10\",\"matchCriteriaId\":\"D3E33B56-1975-4B78-A157-E0EADB3BC1B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0\",\"versionEndIncluding\":\"6.4.2\",\"matchCriteriaId\":\"1CB7DEA7-E461-43B0-98EB-CE436DE87D98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.4.9\",\"matchCriteriaId\":\"C6E5A33E-F744-4CC0-ABA0-D1734845AFBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.3\",\"matchCriteriaId\":\"BB3C99AC-DCA1-44A0-9671-F424109A6038\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/advisory/FG-IR-21-173\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...