CVE-2021-42757 MEDIUM

Vendor Fortinet
Product FortiOS
Weakness CWE-120
Published December 8, 2021
Last update October 16, 2025

CVSS base score

6.3/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

What the vulnerability does

01 Description

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2 may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command-line arguments.

Key dates

02 Disclosure timeline

December 8, 2021 CVE published
October 16, 2025 Record updated