First published: Tue Jul 20 2021
A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix
---|---|---
Fortinet FortiAnalyzer | >=6.0.0 <6.2.8 |
Fortinet FortiAnalyzer | >=6.4.0 <6.4.6 |
Fortinet FortiManager | >=6.0.0 <6.2.8 |
Fortinet FortiManager | >=6.4.0 <6.4.6 |
CVE-2021-24022 has a medium severity rating, with a severity value of 4.4.
CVE-2021-24022 affects FortiAnalyzer CLI version 6.4.5 and below, 6.2.7 and below, and 6.0.x, as well as FortiManager CLI version 6.4.5 and below, 6.2.7 and below, and 6.0.x.
CVE-2021-24022 is a buffer overflow vulnerability that may allow an authenticated, local attacker to perform a Denial of Service attack by running a specific command with a large input.
An attacker can exploit CVE-2021-24022 by running the `diagnose system geoip-city` command with a large input.
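The advisory only states that an oversized `ip` argument triggers a buffer overflow in the CLI handler. The defensive pattern that prevents this class of defect is to reject an untrusted argument by length before it is copied anywhere, and then to parse it strictly into a fixed-size binary form rather than copying the raw text into a fixed character array. The following C code is an added illustration of that pattern; it is hypothetical, not Fortinet code, and the function names, `IP_ARG_MAX` bound and the constructed 4096-byte input are assumptions for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical handler for a "geoip-city <ip>" style CLI argument.
 * Not Fortinet code; it only illustrates the hardened pattern. */

/* INET6_ADDRSTRLEN (46) covers the longest textual IPv6 form, including
 * IPv4-mapped addresses, plus the terminating NUL. */
#define IP_ARG_MAX INET6_ADDRSTRLEN

enum ip_arg_result {
    IP_ARG_OK_V4 = 4,
    IP_ARG_OK_V6 = 6,
    IP_ARG_TOO_LONG = -1,
    IP_ARG_INVALID = -2,
};

/* Validate an untrusted CLI argument before it is copied anywhere.
 * 1. Reject oversized input up front. strnlen bounds the scan so a
 *    missing NUL within the allowed window does not read past the
 *    caller's buffer either.
 * 2. Parse strictly with inet_pton into a 16-byte binary buffer; the
 *    textual form is never copied into a fixed char array, so a long
 *    argument cannot overrun anything. */
enum ip_arg_result check_ip_arg(const char *arg, unsigned char out[16])
{
    if (arg == NULL)
        return IP_ARG_INVALID;
    if (strnlen(arg, IP_ARG_MAX) >= IP_ARG_MAX)
        return IP_ARG_TOO_LONG;
    if (inet_pton(AF_INET, arg, out) == 1)
        return IP_ARG_OK_V4;
    if (inet_pton(AF_INET6, arg, out) == 1)
        return IP_ARG_OK_V6;
    return IP_ARG_INVALID;
}

/* Build a constructed, deliberately oversized argument of n digits into
 * buf (caller supplies at least n+1 bytes). Used by main() and the test. */
void make_long_arg(char *buf, size_t n)
{
    memset(buf, '1', n);
    buf[n] = '\0';
}

int main(void)
{
    unsigned char addr[16];
    char big[4097];
    make_long_arg(big, 4096); /* constructed oversized input */

    printf("8.8.8.8      -> %d\n", check_ip_arg("8.8.8.8", addr));
    printf("2001:db8::1  -> %d\n", check_ip_arg("2001:db8::1", addr));
    printf("4096 x '1'   -> %d\n", check_ip_arg(big, addr));
    printf("999.1.1.1    -> %d\n", check_ip_arg("999.1.1.1", addr));
    return 0;
}
```

The length check runs before any parsing so that an oversized argument is refused with a clear error code instead of reaching code that assumes a bounded size; the binary output buffer is sized for the larger address family, so the same function handles IPv4 and IPv6 without a separate copy path.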
The fix for CVE-2021-24022 is to upgrade to FortiAnalyzer CLI version 6.4.6 or above, 6.2.8 or above, or 6.0.x or above, and FortiManager CLI version 6.4.6 or above, 6.2.8 or above, or 6.0.x or above.