Description

A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.

Related CPE's

a

fortinet

fortianalyzer

2

a

fortinet

fortimanager

2

References

https://fortiguard.com/advisory/FG-IR-20-194

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-120

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

4.4 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-07-20T11:15:11.410

3 years ago

Last modified

2021-07-29T19:03:54.317

3 years ago