CVE-2021-24022 MEDIUM

CVE-2021-24022

Vendor Fortinet
Product Fortinet FortiAnalyzer, FortiManager
Published July 20, 2021
Last update October 25, 2024

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.

Key dates

02Disclosure timeline

July 20, 2021 CVE published
October 25, 2024 Record updated