6.7
CVE-2021-42757
- EPSS 0.08%
- Published 08.12.2021 11:15:11
- Last modified 21.11.2024 06:28:06
- Source psirt@fortinet.com
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2 may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
Data is provided by the National Vulnerability Database (NVD)
Fortinet ≫ Fortianalyzer Version >= 6.0.0 <= 6.4.7
Fortinet ≫ Fortianalyzer Version >= 7.0.0 <= 7.0.2
Fortinet ≫ Fortimanager Version >= 6.0.0 <= 6.4.7
Fortinet ≫ Fortimanager Version >= 7.0.0 <= 7.0.2
Fortinet ≫ Fortios-6k7k Version <= 6.2.8
Fortinet ≫ Fortios-6k7k Version 6.4.2
Fortinet ≫ Fortios-6k7k Version 6.4.6
Fortinet ≫ Fortiportal Version >= 5.0.0 <= 6.0.10
Fortinet ≫ Fortiproxy Version >= 1.0.0 <= 2.0.7
Fortinet ≫ Fortiproxy Version 7.0.0
Fortinet ≫ Fortiproxy Version 7.0.1
Fortinet ≫ Fortivoice Version >= 6.0.0 <= 6.0.10
Fortinet ≫ Fortivoice Version >= 6.4.0 <= 6.4.4
Fortinet ≫ Fortirecorder Firmware Version >= 2.6.0 <= 6.0.10
Fortinet ≫ Fortirecorder Firmware Version >= 6.4.0 <= 6.4.2
Fortinet ≫ Fortiswitch Version >= 6.0.0 <= 6.4.9
Fortinet ≫ Fortiswitch Version >= 7.0.0 <= 7.0.3
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.08% | 0.212 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 6.7 | 0.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 4.6 | 3.9 | 6.4 | AV:L/AC:L/Au:N/C:P/I:P/A:P |
psirt@fortinet.com | 6.7 | 0.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.