PT-2021-6857 · Fortinet · FortiOS +7

Published

2021-05-08

·

Updated

2023-08-08

·

CVE-2021-24018

CVSS v3.1

8.8

High

Vector AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FortiOS versions prior to 7.0.1
FortiWeb (affected versions not specified)
FortiSwitch (affected versions not specified)
FortiProxy (affected versions not specified)
FortiADC (affected versions not specified)
FortiAI (affected versions not specified)
FortiManager (affected versions not specified)
FortiAnalyzer (affected versions not specified)
Description A buffer underwrite (a write to memory before the start of a buffer, CWE-124) in the firmware verification routine may allow an attacker located on the adjacent network to execute arbitrary code via a specially crafted firmware image. The root cause is a buffer boundary violation in the code that parses and checks the image: a value derived from the crafted image steers a write to an address below the start of the intended buffer. Two points matter in practice. The CVSS vector rates the attack vector as Adjacent (AV:A), not Network, so the attacker needs a position from which the image can be delivered to the device, but no privileges (PR:N) and no user interaction (UI:N). And because the corruption happens inside the verification routine itself, firmware signing cannot be relied on to reject the image first; the fix is the updated firmware, not a stricter signing policy.
Recommendations For FortiOS versions prior to 7.0.1, update to version 7.0.1 or later. For FortiWeb, FortiSwitch, FortiProxy, FortiADC, FortiAI, FortiManager and FortiAnalyzer, no fixed version is listed here; check the vendor advisory for CVE-2021-24018 before treating those products as patched. Until a device is updated, limit which networks and hosts can reach the interfaces that accept firmware images, since the vector requires only adjacent-network access (AV:A) with no privileges (PR:N).
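The shape of the bug described above and the check that closes it, as an added example that is not Fortinet's verification code and uses a hypothetical image format constructed for illustration: a header carries body_len and sig_len, the verifier bounds sig_len against a maximum and body_len against the end of the image, but the vulnerable variant never checks sig_len against body_len, so the computed signature offset goes negative and the scrub of the signature region writes before the buffer (the underwrite). The image is run inside a canary-wrapped arena so the out-of-bounds write is observable without undefined behaviour; the toy FNV-1a digest stands in for a real signature check.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical image layout, constructed for this example (NOT Fortinet's format):
 *   [fw_header][body = payload || signature blob]
 * The blob is the last sig_len bytes of the body; its first 4 bytes hold a toy
 * FNV-1a digest of the payload, standing in for a real signature. */
#define FW_MAGIC    0x46574749u
#define SIG_LEN_MIN 4u
#define SIG_LEN_MAX 64u
#define GUARD       32     /* canary bytes placed in front of the image */
#define IMG_MAX     128

struct fw_header {
    uint32_t magic;
    uint32_t body_len;   /* bytes that follow the header */
    uint32_t sig_len;    /* trailing signature bytes inside the body */
};

/* Toy digest; a negative length hashes nothing (mirrors a signed-length bug). */
static uint32_t fnv1a(const uint8_t *p, long n) {
    uint32_t h = 0x811c9dc5u;
    for (long i = 0; i < n; i++) { h ^= p[i]; h *= 0x01000193u; }
    return h;
}

/* Verifier shared by both variants: copy the blob out, scrub it in place so the
 * flash writer never sees it, hash the payload, compare. With hardened=0 the
 * lower-bound check is missing: sig_len > body_len makes payload_len negative
 * and both memcpy and memset start BEFORE `body`. The memset is the underwrite. */
static int verify_image(uint8_t *img, size_t img_len, int hardened) {
    struct fw_header h;
    uint8_t sig[SIG_LEN_MAX];

    if (img_len < sizeof h) return -1;
    memcpy(&h, img, sizeof h);
    if (h.magic != FW_MAGIC) return -1;
    if (h.sig_len < SIG_LEN_MIN || h.sig_len > SIG_LEN_MAX) return -1;
    if (h.body_len > img_len - sizeof h) return -1;      /* upper bound: present */
    if (hardened && h.sig_len > h.body_len) return -1;   /* lower bound: the fix */

    uint8_t *body = img + sizeof h;
    long payload_len = (long)h.body_len - (long)h.sig_len;

    memcpy(sig, body + payload_len, h.sig_len);  /* under-read if payload_len < 0 */
    memset(body + payload_len, 0, h.sig_len);    /* UNDERWRITE if payload_len < 0 */

    uint32_t want;
    memcpy(&want, sig, sizeof want);
    return fnv1a(body, payload_len) == want ? 0 : -1;
}

/* Runs the verifier inside a canary-wrapped arena so the underwrite stays inside
 * one object (no undefined behaviour) and clobbered canary bytes can be counted. */
static int run_in_arena(const uint8_t *img, size_t img_len, int hardened, int *clobbered) {
    static uint8_t arena[GUARD + IMG_MAX];
    memset(arena, 0xAA, GUARD);
    memcpy(arena + GUARD, img, img_len);
    int rc = verify_image(arena + GUARD, img_len, hardened);
    int n = 0;
    for (int i = 0; i < GUARD; i++) n += (arena[i] != 0xAA);
    *clobbered = n;
    return rc;
}

/* Well-formed image: header, payload, 8-byte blob (4-byte digest + 4 pad). */
static size_t build_valid_image(uint8_t *out, const uint8_t *payload, uint32_t plen) {
    struct fw_header h = { FW_MAGIC, plen + 8, 8 };
    uint32_t d = fnv1a(payload, (long)plen);
    memcpy(out, &h, sizeof h);
    memcpy(out + sizeof h, payload, plen);
    memcpy(out + sizeof h + plen, &d, sizeof d);
    memset(out + sizeof h + plen + sizeof d, 0, 4);
    return sizeof h + plen + 8;
}

/* Crafted image: only 8 body bytes but sig_len = 36, so the blob "starts"
 * 28 bytes before the body, i.e. 16 bytes before the image itself. */
static size_t build_crafted_image(uint8_t *out) {
    struct fw_header h = { FW_MAGIC, 8, 36 };
    memcpy(out, &h, sizeof h);
    memset(out + sizeof h, 0x41, 8);
    return sizeof h + 8;
}

/* Entry points: verifier result and canary bytes zeroed for each case. */
static int crafted_rc(int hardened) {
    uint8_t img[IMG_MAX]; int c;
    size_t n = build_crafted_image(img);
    return run_in_arena(img, n, hardened, &c);
}
static int crafted_clobbered(int hardened) {
    uint8_t img[IMG_MAX]; int c;
    size_t n = build_crafted_image(img);
    run_in_arena(img, n, hardened, &c);
    return c;
}
static int valid_rc(int hardened) {
    uint8_t img[IMG_MAX]; int c;
    size_t n = build_valid_image(img, (const uint8_t *)"hello", 5);
    return run_in_arena(img, n, hardened, &c);
}

int main(void) {
    printf("vulnerable: crafted rc=%d, canary bytes zeroed=%d\n", crafted_rc(0), crafted_clobbered(0));
    printf("hardened:   crafted rc=%d, canary bytes zeroed=%d\n", crafted_rc(1), crafted_clobbered(1));
    printf("valid image: vulnerable rc=%d, hardened rc=%d\n", valid_rc(0), valid_rc(1));
    return 0;
}
```

The vulnerable run still returns -1 (the toy digest does not match), which is the point worth noticing: the 16 canary bytes are already zeroed before the verifier gets to say no, so a failed signature check is no evidence that the image did nothing. The hardened variant rejects the crafted image before any write and still accepts the well-formed one.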

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2022-02333
CVE-2021-24018

Affected Products

FortiADC
FortiAI
FortiAnalyzer
FortiManager
FortiOS
FortiProxy
FortiSwitch
FortiWeb