What is CVE-2021-42757?

CVE-2021-42757 is a medium-severity vulnerability in Fortinet Fortiadc, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 6.3/10. Published 2021-12-08.

How severe is CVE-2021-42757?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Buffer overflow in Fortinet Fortiadc

CVE-2021-42757

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

Vulnerability class: Buffer Overflow

EPSS: 0.001 (22.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C.

Affected products

Fortinet Fortiadc — versions 6.2.0, 6.1.0, 6.0.0
Fortinet Fortianalyzer — versions 7.0.0, 6.4.0, 6.2.0
Fortinet Fortiddos — versions 5.5.0, 5.4.0, 5.3.0
Fortinet Fortiddos-f — versions 6.4.0, 6.3.0, 6.2.0
Fortinet Fortimail — versions 7.0.0, 6.4.0, 6.2.0
Fortinet Fortimanager — versions 7.0.0, 6.4.0, 6.2.0
Fortinet Fortindr — versions 1.5.0, 1.4.0, 1.3.0
Fortinet Fortios — versions 7.0.0, 6.4.0, 6.2.0
Fortinet Fortiportal — versions 6.0.0, 5.3.0, 5.2.0
Fortinet Fortiproxy — versions 7.0.0, 2.0.0, 1.2.0

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

References

https://fortiguard.com/advisory/FG-IR-21-173

Frequently asked questions

What is CVE-2021-42757?: CVE-2021-42757 is a medium-severity vulnerability in Fortinet Fortiadc, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 6.3/10. Published 2021-12-08.
How severe is CVE-2021-42757?: Medium severity. CVSS v3 base score is 6.3 out of 10.