PT-2021-6860 · Fortinet · FortiOS

Published 2021-08-12 · Updated 2025-10-16 · CVE-2021-42757

CVSS v2.0: 6.8 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

FortiOS versions prior to 6.4.7
FortiOS versions 7.0.0 through 7.0.2

Description

A stack-based buffer overflow in the TFTP client library may allow an authenticated local attacker to execute arbitrary code via specially crafted command line arguments.

Recommendations

For FortiOS versions prior to 6.4.7, update to version 6.4.7 or later. For FortiOS versions 7.0.0 through 7.0.2, update to a version later than 7.0.2. As a temporary workaround, consider restricting access to the TFTP client library until a patch is available.

Fix

Buffer Overflow

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2022-02339
CVE-2021-42757

Affected Products

FortiOS