CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
9.0%
A buffer copy without checking size of input (‘classic buffer overflow’) in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI execute restore image
and execute certificate remote
operations with the tFTP protocol.
Vendor | Product | Version | CPE |
---|---|---|---|
fortinet | fortianalyzer | * | cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* |
fortinet | fortimanager | * | cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* |
fortinet | fortiproxy | * | cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* |
fortinet | fortios | * | cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* |
[
{
"vendor": "Fortinet",
"product": "FortiAnalyzer",
"cpes": [
"cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:5.6.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:5.6.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:5.6.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:5.6.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:5.6.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:5.6.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:5.6.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:5.6.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:5.6.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:5.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:5.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:5.6.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"versions": [
{
"versionType": "semver",
"version": "7.0.0",
"lessThanOrEqual": "7.0.2",
"status": "affected"
},
{
"versionType": "semver",
"version": "6.4.0",
"lessThanOrEqual": "6.4.7",
"status": "affected"
},
{
"versionType": "semver",
"version": "6.2.0",
"lessThanOrEqual": "6.2.12",
"status": "affected"
},
{
"versionType": "semver",
"version": "6.0.0",
"lessThanOrEqual": "6.0.12",
"status": "affected"
},
{
"versionType": "semver",
"version": "5.6.0",
"lessThanOrEqual": "5.6.11",
"status": "affected"
}
]
},
{
"vendor": "Fortinet",
"product": "FortiManager",
"cpes": [
"cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"versions": [
{
"versionType": "semver",
"version": "7.0.0",
"lessThanOrEqual": "7.0.2",
"status": "affected"
},
{
"versionType": "semver",
"version": "6.4.0",
"lessThanOrEqual": "6.4.7",
"status": "affected"
},
{
"versionType": "semver",
"version": "6.2.0",
"lessThanOrEqual": "6.2.12",
"status": "affected"
},
{
"versionType": "semver",
"version": "6.0.0",
"lessThanOrEqual": "6.0.12",
"status": "affected"
},
{
"versionType": "semver",
"version": "5.6.0",
"lessThanOrEqual": "5.6.11",
"status": "affected"
}
]
}
]
More