← back
CVE-2021-42757

CVE-2021-42757

CVSS 6.3 MEDIUMEPSS 0.5%CWE-120
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C
Affected products
Fortinet · FortiADCFortinet · FortiAnalyzerFortinet · FortiDDoSFortinet · FortiDDoS-FFortinet · FortiMailFortinet · FortiManagerFortinet · FortiNDRFortinet · FortiOSFortinet · FortiPortalFortinet · FortiProxyFortinet · FortiRecorderFortinet · FortiSwitchFortinet · FortiVoiceFortinet · FortiWeb

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://fortiguard.com/advisory/FG-IR-21-173