CVE-2021-24022

MEDIUM

FortiAnalyzer and FortiManager 6.0.0-6.2.7 - Authenticated Denial of Service via GeoIP City Command Buffer Overflow

Title source: llm
STIX 2.1

Description

A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://fortiguard.com/advisory/FG-IR-20-194

Scores

CVSS v3 6.7
EPSS 0.0022
EPSS Percentile 12.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-120
Status published
Products (2)
fortinet/fortianalyzer 6.0.0 - 6.2.8
fortinet/fortimanager 6.0.0 - 6.2.8
Published Jul 20, 2021
Tracked Since Feb 18, 2026