Fortinet FortiOS and FortiSwitchManager Heap-Based Buffer Overflow Vulnerability in cw_acd Daemon Allowing Unauthorized Code Execution

Vulnerability

A heap-based buffer overflow vulnerability has been identified in Fortinet FortiOS versions 7.6.0 to 7.6.3, 7.4.0 to 7.4.8, 7.2.0 to 7.2.11, 7.0.0 to 7.0.17, 6.4.0 to 6.4.16, as well as FortiSASE 25.2.b, FortiSASE 25.1.a.2, FortiSwitchManager 7.2.0 to 7.2.6, and FortiSwitchManager 7.0.0 to 7.0.5. This vulnerability allows remote, unauthenticated attackers to execute arbitrary code or commands by sending specially crafted packets. The issue arises in the cw_acd daemon, where the improper handling of packet data can lead to memory corruption and potential code execution.

Impact

Exploitation of this vulnerability could result in unauthorized execution of code or commands on the affected device.

Remediation

Users can upgrade Fortinet FortiOS to versions 7.6.4, 7.4.9, 7.2.12, or 7.0.18, depending on their current version. Fortinet FortiSASE 25.2.b users do not need to take any action, as Fortinet has already addressed this issue in version 25.2.c. FortiSASE 25.1.a.2 users should migrate to a fixed release. For FortiSwitchManager, users should upgrade to version 7.2.7 or 7.0.6, based on their current version. Consult the Fortinet upgrade tool for guidance.
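For defenders who need to check an inventory against the version ranges listed in this advisory, the following Python script is an added example (it is not Fortinet's tooling and not part of this page). It encodes only the FortiOS and FortiSwitchManager ranges stated above, reports the fixed release named for each branch, and leaves the 6.4 branch as "migrate to a fixed release" because the page gives no fixed build for it. FortiSASE is omitted because its versions (25.2.b, 25.1.a.2) are not numeric and the page says no user action is needed on 25.2.b. The `Version:` line format used in the sample status output is an assumption about what `get system status` prints, and the sample itself is constructed.

```python
"""Triage FortiOS / FortiSwitchManager versions against the cw_acd heap-overflow advisory.

Added example; the affected ranges and fixed releases below are copied from the
advisory text. Nothing here probes a device; it only compares version strings.
"""
import re
from dataclasses import dataclass
from typing import Optional, Tuple

Version = Tuple[int, int, int]


@dataclass(frozen=True)
class Branch:
    product: str
    first: Version          # first affected build (inclusive)
    last: Version           # last affected build (inclusive)
    fixed: Optional[str]    # fixed release named in the advisory, or None if it names none


# Ranges exactly as stated in the advisory. The 6.4 branch has no fixed build on the page.
ADVISORY_RANGES = [
    Branch("FortiOS", (7, 6, 0), (7, 6, 3), "7.6.4"),
    Branch("FortiOS", (7, 4, 0), (7, 4, 8), "7.4.9"),
    Branch("FortiOS", (7, 2, 0), (7, 2, 11), "7.2.12"),
    Branch("FortiOS", (7, 0, 0), (7, 0, 17), "7.0.18"),
    Branch("FortiOS", (6, 4, 0), (6, 4, 16), None),
    Branch("FortiSwitchManager", (7, 2, 0), (7, 2, 6), "7.2.7"),
    Branch("FortiSwitchManager", (7, 0, 0), (7, 0, 5), "7.0.6"),
]


def parse_version(text: str) -> Version:
    """Turn '7.4.3', 'v7.4.3' or 'v7.4.3,build2573,240201' into (7, 4, 3)."""
    core = text.strip().lstrip("vV").split(",")[0].split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def assess(product: str, version_text: str) -> dict:
    """Report whether a product/version falls inside an advisory range and what the page advises."""
    v = parse_version(version_text)
    for b in ADVISORY_RANGES:
        if b.product == product and b.first <= v <= b.last:
            if b.fixed is not None:
                action = f"upgrade to {b.fixed} or later"
            else:
                action = "migrate to a fixed release (advisory names no fixed build on this branch)"
            return {"product": product, "version": v, "affected": True,
                    "fixed": b.fixed, "action": action}
    # Not inside any listed range: either already on a fixed build or on a branch the page does not list.
    return {"product": product, "version": v, "affected": False,
            "fixed": None, "action": "not within the advisory's affected ranges"}


# Assumed shape of the 'Version:' line in FortiOS `get system status` output.
STATUS_RE = re.compile(r"^Version:\s+(\S+)\s+v(\d+\.\d+\.\d+)", re.MULTILINE)


def triage_status_output(product: str, status_text: str) -> dict:
    """Extract model and version from captured status output and assess it."""
    m = STATUS_RE.search(status_text)
    if not m:
        raise ValueError("no 'Version:' line found in status output")
    result = assess(product, m.group(2))
    result["model"] = m.group(1)
    return result


if __name__ == "__main__":
    # Constructed sample resembling a captured `get system status` line; not from a real device.
    SAMPLE_STATUS = "Version: FortiGate-100F v7.4.3,build2573,240201 (GA.F)\nSerial-Number: FGT-PLACEHOLDER\n"
    print(triage_status_output("FortiOS", SAMPLE_STATUS))
    for prod, ver in [("FortiOS", "7.4.9"), ("FortiOS", "6.4.10"), ("FortiSwitchManager", "7.2.6")]:
        print(prod, ver, assess(prod, ver)["action"])
```

Because the comparison is tuple-based, a build such as 7.4.9 sorts above 7.4.8 and is correctly reported as outside the affected range, while 7.4.10 would also compare correctly rather than being mis-ordered as a string.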

Added: Jan 13, 2026, 5:34 PM
Updated: Jan 13, 2026, 5:34 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 10.0
exploitability: 7.0
remediation: 7.7
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.