PRIOn knowledge base: PRION:CVE-2023-25610
History: Mar 07, 2023 - 12:00 a.m.

Buffer overflow

www.prio-n.com
Tags: buffer overflow, fortinet, remote code execution, dos, upgrade, workaround, ip limitations, http/https interface

AI Score: 8.7 High
Confidence: Low

A buffer underwrite ('buffer underflow') vulnerability in the FortiOS, FortiManager, FortiAnalyzer, FortiWeb, FortiProxy and FortiSwitchManager administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests.

Exploitation status: Fortinet is not aware of any instance where this vulnerability was exploited in the wild. We continuously review and test the security of our products, and this vulnerability was internally discovered within that frame.
None
Execute unauthorized code or commands
Solution:

Please upgrade to FortiOS version 7.4.0 or above
Please upgrade to FortiOS version 7.2.4 or above
Please upgrade to FortiOS version 7.0.10 or above
Please upgrade to FortiOS version 6.4.12 or above
Please upgrade to FortiOS version 6.2.13 or above
Please upgrade to FortiWeb version 7.2.2 or above
Please upgrade to FortiWeb version 7.0.7 or above
Please upgrade to FortiWeb version 6.4.3 or above
Please upgrade to FortiWeb version 6.3.23 or above
Please upgrade to FortiWeb version 6.2.8 or above
Please upgrade to FortiWeb version 6.1.4 or above
Please upgrade to upcoming FortiOS version 6.0.17 or above
Please upgrade to FortiSwitchManager version 7.2.2 or above
Please upgrade to FortiSwitchManager version 7.0.2 or above
Please upgrade to FortiProxy version 7.2.3 or above
Please upgrade to FortiProxy version 7.0.9 or above
Please upgrade to FortiManager version 7.2.1 or above
Please upgrade to FortiManager version 7.0.5 or above
Please upgrade to FortiManager version 6.4.12 or above
Please upgrade to FortiManager version 6.2.11 or above
Please upgrade to FortiManager version 6.0.12 or above
Please upgrade to FortiOS-6K7K version 7.0.10 or above
Please upgrade to FortiOS-6K7K version 6.4.12 or above
Please upgrade to FortiOS-6K7K version 6.2.13 or above
Please upgrade to FortiAnalyzer version 7.2.1 or above
Please upgrade to FortiAnalyzer version 7.0.5 or above
Please upgrade to FortiAnalyzer version 6.4.12 or above
Please upgrade to FortiAnalyzer version 6.2.11 or above
Please upgrade to FortiAnalyzer version 6.0.12 or above

Workaround for FortiOS:

Disable the HTTP/HTTPS administrative interface, OR limit the IP addresses that can reach the administrative interface:

    config firewall address
        edit "my_allowed_addresses"
            set subnet <MY IP> <MY SUBNET>
    end

Then create an Address Group:

    config firewall addrgrp
        edit "MGMT_IPs"
            set member "my_allowed_addresses"
    end

Create the Local in Policy to restrict access only to the predefined group on the management interface (here: port1):

    config firewall local-in-policy
        edit 1
            set intf port1
            set srcaddr "MGMT_IPs"
            set dstaddr "all"
            set action accept
            set service HTTPS HTTP
            set schedule "always"
            set status enable
        next
        edit 2
            set intf "any"
            set srcaddr "all"
            set dstaddr "all"
            set action deny
            set service HTTPS HTTP
            set schedule "always"
            set status enable
    end

If using non-default ports, create appropriate service objects for GUI administrative access:

    config firewall service custom
        edit GUI_HTTPS
            set tcp-portrange <admin-sport>
        next
        edit GUI_HTTP
            set tcp-portrange <admin-port>
    end

Use these objects instead of "HTTPS HTTP" in local-in policies 1 and 2 above.

When using an HA reserved management interface, the local-in policy needs to be configured slightly differently; please see: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-a-local-in-policy-on-a-HA/ta-p/222005

Please contact customer support for assistance.

Workaround for FortiManager and FortiAnalyzer:

Limit the IP addresses that can reach the administrative interface.

Workaround for FortiWeb:

Disable the HTTP/HTTPS administrative interface, OR limit the IP addresses that can reach the administrative interface.
Affected versions:

FortiSwitchManager version 7.2.0 through 7.2.1
FortiSwitchManager version 7.0.0 through 7.0.1
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
FortiOS version 6.0.0 through 6.0.16
FortiOS 5.x all versions
FortiWeb version 7.2.0 through 7.2.1
FortiWeb version 7.0.0 through 7.0.6
FortiWeb version 6.4.0 through 6.4.2
FortiWeb version 6.3.0 through 6.3.22
FortiWeb version 6.2.0 through 6.2.7
FortiWeb version 6.1.0 through 6.1.3
FortiAnalyzer version 7.2.0
FortiAnalyzer version 7.0.0 through 7.0.4
FortiAnalyzer version 6.4.0 through 6.4.11
FortiAnalyzer version 6.2.0 through 6.2.10
FortiAnalyzer version 6.0.0 through 6.0.11
FortiManager version 7.2.0
FortiManager version 7.0.0 through 7.0.4
FortiManager version 6.4.0 through 6.4.11
FortiManager version 6.2.0 through 6.2.10
FortiManager version 6.0.0 through 6.0.11
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiProxy version 2.0.0 through 2.0.12
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
FortiOS-6K7K version 7.0.5
FortiOS-6K7K version 6.4.10
FortiOS-6K7K version 6.4.8
FortiOS-6K7K version 6.4.6
FortiOS-6K7K version 6.4.2
FortiOS-6K7K version 6.2.9 through 6.2.12
FortiOS-6K7K version 6.2.6 through 6.2.7
FortiOS-6K7K version 6.2.4
FortiOS-6K7K 6.0 all versions

Even when running a vulnerable FortiOS version, the hardware devices listed below are only impacted by the DoS part of the issue, not by the arbitrary code execution (non-listed devices are vulnerable to both):

FortiGateRugged-100C, FortiGate-100D, FortiGate-200C, FortiGate-200D, FortiGate-300C, FortiGate-3600A, FortiGate-5001FA2, FortiGate-5002FB2, FortiGate-60D, FortiGate-620B, FortiGate-621B, FortiGate-60D-POE, FortiWiFi-60D, FortiWiFi-60D-POE, FortiGate-300C-Gen2, FortiGate-300C-DC-Gen2, FortiGate-300C-LENC-Gen2, FortiWiFi-60D-3G4G-VZW, FortiGate-60DH, FortiWiFi-60DH, FortiGateRugged-60D, FortiGate-VM01-Hyper-V, FortiGate-VM01-KVM, FortiWiFi-60D-I, FortiGate-60D-Gen2, FortiWiFi-60D-J, FortiGate-60D-3G4G-VZW, FortiWifi-60D-Gen2, FortiWifi-60D-Gen2-J, FortiWiFi-60D-T, FortiGateRugged-90D, FortiWifi-60D-Gen2-U, FortiGate-50E, FortiWiFi-50E, FortiGate-51E, FortiWiFi-51E, FortiWiFi-50E-2R, FortiGate-52E, FortiGate-40F, FortiWiFi-40F, FortiGate-40F-3G4G, FortiWiFi-40F-3G4G, FortiGate-40F-3G4G-NA, FortiGate-40F-3G4G-EA, FortiGate-40F-3G4G-JP, FortiWiFi-40F-3G4G-NA, FortiWiFi-40F-3G4G-EA, FortiWiFi-40F-3G4G-JP
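The affected-version and upgrade lists above are long enough that checking a fleet by eye is error-prone, and naive string comparison gets them wrong (7.0.10 sorts below 7.0.9 as text). The following script is an added example, not PRIOn's or Fortinet's code: it transcribes the advisory's affected ranges and fixed releases into tables, compares versions as integer tuples, treats the "all versions" entries (FortiOS 5.x, FortiProxy 1.1/1.2, FortiOS-6K7K 6.0) as prefixes, and reports the lowest listed fixed release above each affected entry. The inventory hostnames and versions are constructed for the example; the hardware-model DoS-only scoping is not included.

```python
"""Inventory check against the CVE-2023-25610 affected-version ranges listed
in the advisory above.  Added example, not PRIOn's or Fortinet's code; the
ranges are transcribed from the advisory text, the inventory is constructed."""


def parse_version(text):
    """'7.0.9' -> (7, 0, 9); tuples compare numerically, so 7.0.10 > 7.0.9."""
    return tuple(int(part) for part in text.split("."))


# Inclusive (low, high) ranges from the advisory.  A one-element tuple such as
# ("5",) is a prefix meaning "all versions of that line" (FortiOS 5.x etc.).
AFFECTED = {
    "FortiOS": [("7.2.0", "7.2.3"), ("7.0.0", "7.0.9"), ("6.4.0", "6.4.11"),
                ("6.2.0", "6.2.12"), ("6.0.0", "6.0.16"), ("5",)],
    "FortiOS-6K7K": [("7.0.5", "7.0.5"), ("6.4.10", "6.4.10"), ("6.4.8", "6.4.8"),
                     ("6.4.6", "6.4.6"), ("6.4.2", "6.4.2"), ("6.2.9", "6.2.12"),
                     ("6.2.6", "6.2.7"), ("6.2.4", "6.2.4"), ("6.0",)],
    "FortiProxy": [("7.2.0", "7.2.2"), ("7.0.0", "7.0.8"), ("2.0.0", "2.0.12"),
                   ("1.2",), ("1.1",)],
    "FortiWeb": [("7.2.0", "7.2.1"), ("7.0.0", "7.0.6"), ("6.4.0", "6.4.2"),
                 ("6.3.0", "6.3.22"), ("6.2.0", "6.2.7"), ("6.1.0", "6.1.3")],
    "FortiManager": [("7.2.0", "7.2.0"), ("7.0.0", "7.0.4"), ("6.4.0", "6.4.11"),
                     ("6.2.0", "6.2.10"), ("6.0.0", "6.0.11")],
    "FortiAnalyzer": [("7.2.0", "7.2.0"), ("7.0.0", "7.0.4"), ("6.4.0", "6.4.11"),
                      ("6.2.0", "6.2.10"), ("6.0.0", "6.0.11")],
    "FortiSwitchManager": [("7.2.0", "7.2.1"), ("7.0.0", "7.0.1")],
}

# First fixed release per branch, from the "Please upgrade to" list above
# (FortiOS 6.0.17 is listed by the advisory as an upcoming release).
FIXED = {
    "FortiOS": ["7.4.0", "7.2.4", "7.0.10", "6.4.12", "6.2.13", "6.0.17"],
    "FortiOS-6K7K": ["7.0.10", "6.4.12", "6.2.13"],
    "FortiProxy": ["7.2.3", "7.0.9"],
    "FortiWeb": ["7.2.2", "7.0.7", "6.4.3", "6.3.23", "6.2.8", "6.1.4"],
    "FortiManager": ["7.2.1", "7.0.5", "6.4.12", "6.2.11", "6.0.12"],
    "FortiAnalyzer": ["7.2.1", "7.0.5", "6.4.12", "6.2.11", "6.0.12"],
    "FortiSwitchManager": ["7.2.2", "7.0.2"],
}


def is_affected(product, version):
    """True when `version` of `product` falls inside any advisory range."""
    v = parse_version(version)
    for rng in AFFECTED.get(product, []):
        if len(rng) == 1:  # "all versions" prefix entry
            prefix = parse_version(rng[0])
            if v[:len(prefix)] == prefix:
                return True
        else:
            low, high = parse_version(rng[0]), parse_version(rng[1])
            if low <= v <= high:
                return True
    return False


def recommended_fix(product, version):
    """Lowest listed fixed release strictly above the running version, or None.
    Picking the lowest keeps the device on its current branch where one exists."""
    v = parse_version(version)
    candidates = [f for f in FIXED.get(product, []) if parse_version(f) > v]
    return min(candidates, key=parse_version) if candidates else None


def triage(inventory):
    """Return [(host, product, version, fix)] for every affected entry."""
    findings = []
    for host, product, version in inventory:
        if is_affected(product, version):
            findings.append((host, product, version, recommended_fix(product, version)))
    return findings


# Constructed inventory: hostnames and running versions are made up for the example.
INVENTORY = [
    ("fw-edge-1", "FortiOS", "7.0.9"),
    ("fw-edge-2", "FortiOS", "7.0.10"),
    ("fw-lab", "FortiOS", "5.6.14"),
    ("fmg-1", "FortiManager", "7.2.0"),
    ("waf-1", "FortiWeb", "7.0.7"),
    ("proxy-1", "FortiProxy", "2.0.12"),
]

if __name__ == "__main__":
    for host, product, version, fix in triage(INVENTORY):
        print(f"{host}: {product} {version} is affected; upgrade to {fix} or above")
```

Feed it the product and firmware version from your own asset inventory; for the FortiProxy 2.0 and FortiOS 5.x lines the advisory lists no fix on the same branch, so the script points at the lowest fixed release it does list, which implies a major-version upgrade.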
