CVE-2021-24022

Published: Jul 20, 2021Modified: Nov 21, 2024

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.

Affected (4)

Products: Fortinet: Fortianalyzer, Fortimanager

Fortinet

2 products

Fortianalyzer

Fortimanager

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortianalyzer	From 6.0.0 to 6.2.8
Fortinet Fortianalyzer	From 6.4.0 to 6.4.6
Fortinet Fortimanager	From 6.0.0 to 6.2.8
Fortinet Fortimanager	From 6.4.0 to 6.4.6

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://fortiguard.com/advisory/FG-IR-20-194

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-20-194

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.