Vulnerability Description
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortiadc | >= 5.0.0, <= 6.1.5 |
| Fortinet | Fortianalyzer | >= 6.0.0, <= 6.4.7 |
| Fortinet | Fortimail | >= 5.4.0, <= 6.2.7 |
| Fortinet | Fortimanager | >= 6.0.0, <= 6.4.7 |
| Fortinet | Fortindr | >= 1.1.0, <= 1.5.2 |
| Fortinet | Fortios-6K7K | <= 6.2.8 |
| Fortinet | Fortiportal | >= 5.0.0, <= 6.0.10 |
| Fortinet | Fortiproxy | >= 1.0.0, <= 2.0.7 |
| Fortinet | Fortivoice | >= 6.0.0, <= 6.0.10 |
| Fortinet | Fortiweb | >= 5.0.0, <= 6.3.16 |
| Fortinet | Fortios | >= 5.0.0, <= 6.0.13 |
| Fortinet | Fortirecorder Firmware | >= 2.6.0, <= 6.0.10 |
| Fortinet | Fortiswitch | >= 6.0.0, <= 6.4.9 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/advisory/FG-IR-21-173Vendor Advisory
- https://fortiguard.com/advisory/FG-IR-21-173Vendor Advisory
FAQ
What is CVE-2021-42757?
CVE-2021-42757 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specia...
How severe is CVE-2021-42757?
CVE-2021-42757 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-42757?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortiadc, Fortinet Fortianalyzer, Fortinet Fortimail, Fortinet Fortimanager, Fortinet Fortindr.