CVE-2021-42757

EPSS 0.07%
Veröffentlicht 08.12.2021 11:15:11
Zuletzt bearbeitet 16.10.2025 10:15:36
Quelle psirt@fortinet.com
CVE-Watchlists
Login
Unerledigt
Login

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fortinet ≫ Fortiadc Version >= 5.0.0 <= 6.1.5

Fortinet ≫ Fortiadc Version >= 6.2.0 <= 6.2.2

Fortinet ≫ Fortianalyzer Version >= 6.0.0 <= 6.4.7

Fortinet ≫ Fortianalyzer Version >= 7.0.0 <= 7.0.2

Fortinet ≫ Fortimail Version >= 5.4.0 <= 6.2.7

Fortinet ≫ Fortimail Version >= 6.4.0 <= 6.4.6

Fortinet ≫ Fortimail Version >= 7.0.0 <= 7.0.2

Fortinet ≫ Fortimanager Version >= 6.0.0 <= 6.4.7

Fortinet ≫ Fortimanager Version >= 7.0.0 <= 7.0.2

Fortinet ≫ FortiNDR Version >= 1.1.0 <= 1.5.2

Fortinet ≫ Fortios-6k7k Version <= 6.2.8

Fortinet ≫ Fortios-6k7k Version6.4.2

Fortinet ≫ Fortios-6k7k Version6.4.6

Fortinet ≫ Fortiportal Version >= 5.0.0 <= 6.0.10

Fortinet ≫ Fortiproxy Version >= 1.0.0 <= 2.0.7

Fortinet ≫ Fortiproxy Version7.0.0

Fortinet ≫ Fortiproxy Version7.0.1

Fortinet ≫ Fortivoice Version >= 6.0.0 <= 6.0.10

Fortinet ≫ Fortivoice Version >= 6.4.0 <= 6.4.4

Fortinet ≫ Fortiweb Version >= 5.0.0 <= 6.3.16

Fortinet ≫ Fortiweb Version6.4.0

Fortinet ≫ Fortiweb Version6.4.1

Fortinet ≫ Fortios Version >= 5.0.0 <= 6.0.13

Fortinet ≫ Fortios Version >= 6.2.0 <= 6.2.9

Fortinet ≫ Fortios Version >= 6.4.0 <= 6.4.7

Fortinet ≫ Fortios Version >= 7.0.0 <= 7.0.2

Fortinet ≫ Fortirecorder Firmware Version >= 2.6.0 <= 6.0.10

Fortinet ≫ Fortirecorder Firmware Version >= 6.4.0 <= 6.4.2

Fortinet ≫ Fortiswitch Version >= 6.0.0 <= 6.4.9

Fortinet ≫ Fortiswitch Version >= 7.0.0 <= 7.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.223

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
psirt@fortinet.com	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://fortiguard.com/advisory/FG-IR-21-173

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-42757

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-42757

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-42757

EUVD