Details of VAR-202107-0632

ID

VAR-202107-0632

CVE

CVE-2021-24022

TITLE

FortiAnalyzer CLI and FortiManager CLI Classic buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-010031

DESCRIPTION

A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value. FortiAnalyzer CLI and FortiManager CLI Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. There is a security vulnerability in FortiAnalyzer, which is caused by triggering a buffer overflow by diagnosing Fortinet FortiManager, FortiAnalyzer. An attacker could exploit this vulnerability to trigger a denial of service and potentially run code

Trust: 2.34

sources: NVD: CVE-2021-24022 // JVNDB: JVNDB-2021-010031 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-382740 // VULMON: CVE-2021-24022

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortimanager	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	lt	version:	6.4.6	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	lt	version:	6.2.8	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	lt	version:	6.4.6	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	lt	version:	6.2.8	Trust: 1.0
vendor:	フォーティネット	model:	fortianalyzer	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortimanager	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010031 // NVD: CVE-2021-24022

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-24022
value:	MEDIUM
Trust: 1.0
psirt@fortinet.com:	CVE-2021-24022
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-24022
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202107-415
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-382740
value:	LOW
Trust: 0.1
VULMON:	CVE-2021-24022
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-24022
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-382740
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-24022
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2021-24022
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-24022
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-382740 // VULMON: CVE-2021-24022 // JVNDB: JVNDB-2021-010031 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-415 // NVD: CVE-2021-24022 // NVD: CVE-2021-24022

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.1
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-382740 // JVNDB: JVNDB-2021-010031 // NVD: CVE-2021-24022

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-415

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:

FG-IR-20-194

url:

https://www.fortiguard.com/psirt/FG-IR-20-194

Trust: 0.8

sources: JVNDB: JVNDB-2021-010031

EXTERNAL IDS

db:	NVD	id:	CVE-2021-24022	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-010031	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021071404	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2381	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-415	Trust: 0.6
db:	VULHUB	id:	VHN-382740	Trust: 0.1
db:	VULMON	id:	CVE-2021-24022	Trust: 0.1

sources: VULHUB: VHN-382740 // VULMON: CVE-2021-24022 // JVNDB: JVNDB-2021-010031 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-415 // NVD: CVE-2021-24022

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-20-194	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-24022	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071404	Trust: 0.6
url:	https://vigilance.fr/vulnerability/fortinet-fortimanager-fortianalyzer-buffer-overflow-via-diagnose-35841	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2381	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/120.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-382740 // VULMON: CVE-2021-24022 // JVNDB: JVNDB-2021-010031 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-415 // NVD: CVE-2021-24022

SOURCES

db:	VULHUB	id:	VHN-382740
db:	VULMON	id:	CVE-2021-24022
db:	JVNDB	id:	JVNDB-2021-010031
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202107-415
db:	NVD	id:	CVE-2021-24022

LAST UPDATE DATE

2024-08-14T13:01:59.385000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-382740	date:	2021-07-29T00:00:00
db:	VULMON	id:	CVE-2021-24022	date:	2021-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2021-010031	date:	2022-06-14T07:04:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202107-415	date:	2021-08-25T00:00:00
db:	NVD	id:	CVE-2021-24022	date:	2021-07-29T19:03:54.317

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-382740	date:	2021-07-20T00:00:00
db:	VULMON	id:	CVE-2021-24022	date:	2021-07-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-010031	date:	2022-06-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202107-415	date:	2021-07-08T00:00:00
db:	NVD	id:	CVE-2021-24022	date:	2021-07-20T11:15:11.410