CVE-2023-29177: Fortiguard
Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC 7.2.0 and 7.1.2 and earlier, and in FortiDDoS-F 6.5.0 and 6.4.1 and earlier, allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.
PSIRT Advisories
FortiADC & FortiDDoS-F - Buffer overflows in CLI commands
Summary
Multiple buffer copy without checking size of input (‘classic buffer overflow’) vulnerabilities [CWE-120] in FortiADC & FortiDDoS-F may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.
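The advisory does not describe the internals of the affected CLI handlers, so the following is an added illustration of the CWE-120 pattern the summary names, not Fortinet code: a CLI argument copied into a fixed-size buffer with no length check, next to a bounds-checked replacement that rejects over-long input instead of truncating or overrunning. The struct cli_session layout, its field names and the LONG_ARG input are all constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical CLI session state used for this illustration only. The
 * fixed-size hostname buffer sits directly before a field the program must
 * keep control of, the classic layout in which CWE-120 becomes exploitable. */
struct cli_session {
    char hostname[16];
    unsigned int privilege;   /* 0 = read-only, nonzero = elevated */
    char guard[8];            /* slack so the demo never writes past the object */
};

/* Vulnerable pattern (CWE-120): the argument's length is never compared to the
 * destination, so an over-long argument runs past 'hostname' into 'privilege'.
 * The copy goes through a byte pointer to the whole object so that the overrun
 * is well-defined C for the demo; a real strcpy(s->hostname, arg) is undefined
 * behaviour that lands on the same adjacent bytes. Callers must keep
 * strlen(arg) + 1 <= sizeof *s; the constructed input below does. */
void set_hostname_unchecked(struct cli_session *s, const char *arg)
{
    memcpy((unsigned char *)s + offsetof(struct cli_session, hostname),
           arg, strlen(arg) + 1);
}

/* Hardened pattern: locate the terminator within the destination's capacity
 * before copying anything. Input that does not fit is rejected with an error
 * rather than silently truncated or copied past the buffer.
 * Returns 0 on success, -1 if the argument does not fit. */
int set_hostname_checked(struct cli_session *s, const char *arg)
{
    const char *nul = memchr(arg, '\0', sizeof s->hostname);
    if (nul == NULL)                 /* no NUL within 16 bytes: too long */
        return -1;
    memcpy(s->hostname, arg, (size_t)(nul - arg) + 1); /* includes the NUL */
    return 0;
}

/* Constructed over-long CLI argument: 20 'A's, four bytes more than hostname holds. */
static const char LONG_ARG[] = "AAAAAAAAAAAAAAAAAAAA";

/* Unchecked copy on a fresh read-only session; returns the privilege field
 * afterwards (0x41414141 once the four overflow bytes have landed in it). */
unsigned int privilege_after_unchecked(void)
{
    struct cli_session s;
    memset(&s, 0, sizeof s);
    set_hostname_unchecked(&s, LONG_ARG);
    return s.privilege;
}

/* Checked copy with the same over-long argument; returns the handler's rc (-1). */
int checked_rc_for_long(void)
{
    struct cli_session s;
    memset(&s, 0, sizeof s);
    return set_hostname_checked(&s, LONG_ARG);
}

/* Checked copy with the same over-long argument; returns privilege (still 0). */
unsigned int privilege_after_checked(void)
{
    struct cli_session s;
    memset(&s, 0, sizeof s);
    (void)set_hostname_checked(&s, LONG_ARG);
    return s.privilege;
}

/* Checked copy with an argument that fits: 1 if accepted and stored intact. */
int checked_accepts_short(void)
{
    struct cli_session s;
    memset(&s, 0, sizeof s);
    return set_hostname_checked(&s, "adc-node-01") == 0
        && strcmp(s.hostname, "adc-node-01") == 0
        && s.privilege == 0;
}

int main(void)
{
    printf("unchecked: privilege = 0x%08x\n", privilege_after_unchecked());
    printf("checked:   rc = %d, privilege = 0x%08x\n",
           checked_rc_for_long(), privilege_after_checked());
    printf("checked:   short name accepted = %d\n", checked_accepts_short());
    return 0;
}
```

The checked handler deliberately fails closed: a CLI argument that cannot be stored whole is an error returned to the caller, never a partial write, so the bound is enforced before any byte reaches the buffer.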
Version          Affected               Solution
FortiDDoS-F 6.5  6.5.0                  Upgrade to 6.5.1 or above
FortiDDoS-F 6.4  6.4.0 through 6.4.1    Upgrade to 6.4.2 or above
FortiDDoS-F 6.3  6.3 all versions       Migrate to a fixed release
FortiDDoS-F 6.2  6.2 all versions       Migrate to a fixed release
FortiDDoS-F 6.1  6.1.0 through 6.1.4
FortiADC 7.2     7.2.0                  Upgrade to 7.2.1 or above
FortiADC 7.1     7.1.0 through 7.1.2    Upgrade to 7.1.3 or above
FortiADC 7.0     7.0 all versions       Migrate to a fixed release
FortiADC 6.2     6.2 all versions       Migrate to a fixed release
FortiADC 6.1     6.1 all versions       Migrate to a fixed release
FortiADC 6.0     6.0 all versions       Migrate to a fixed release
FortiADC 5.4     5.4 all versions       Migrate to a fixed release
FortiADC 5.3     5.3 all versions       Migrate to a fixed release
FortiADC 5.2     5.2 all versions       Migrate to a fixed release
Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool
Acknowledgement
Internally discovered and reported by Théo Leleu of Fortinet Product Security team.
Timeline
2023-11-02: Initial publication