FortiManager and FortiAnalyzer - Buffer overflow vulnerability through the diagnose system geoip-city command

2021-07-0700:00:00

FortiGuard Labs

www.fortiguard.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

A buffer overflow vulnerability in FortiAnalyzer and FortiManager CLI may allow an authenticated, local attacker to perform a Denial of Service attack by running the diagnose system geoip-city command with a large ip value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.

CPENameOperatorVersion
fortianalyzereq6.4.5
fortianalyzereq6.4.4
fortianalyzereq6.4.3
fortianalyzereq6.4.2
fortianalyzereq6.4.1
fortianalyzereq6.4.0
fortianalyzereq6.2.7
fortianalyzereq6.2.6
fortianalyzereq6.2.5
fortianalyzereq6.2.4

Name	Operator	Version
fortianalyzer	eq	6.4.5
fortianalyzer	eq	6.4.4
fortianalyzer	eq	6.4.3
fortianalyzer	eq	6.4.2
fortianalyzer	eq	6.4.1
fortianalyzer	eq	6.4.0
fortianalyzer	eq	6.2.7
fortianalyzer	eq	6.2.6
fortianalyzer	eq	6.2.5
fortianalyzer	eq	6.2.4

Rows per page:

1-10 of 541

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for FG-IR-20-194