vulnerability

Fortinet FortiManager: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CVE-2021-24022)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:L/Au:N/C:N/I:N/A:P)	Jul 20, 2021	Aug 5, 2021	Aug 1, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:N/I:N/A:P)

Published

Jul 20, 2021

Added

Aug 5, 2021

Modified

Aug 1, 2025

Description

A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.

Solutions

fortinet-fortimanager-upgrade-6_2_7fortinet-fortimanager-upgrade-6_2_8fortinet-fortimanager-upgrade-6_4_5fortinet-fortimanager-upgrade-6_4_6fortinet-fortimanager-upgrade-7_0_0

References

CVE-2021-24022
https://attackerkb.com/topics/CVE-2021-24022
URL-https://fortiguard.com/advisory/FG-IR-20-194

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today