Description

A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.

Related CPE's

a

fortinet

fortianalyzer

2

a

fortinet

fortimanager

2

References

https://fortiguard.com/advisory/FG-IR-20-194

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-20-194

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-120

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-07-20T09:15:11.410Z

4 years ago

Last modified

2024-11-21T04:52:13.657Z

1 year ago