CVE-2021-22130
published 2021-06-03CVE-2021-22130: A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an…
medium4.9CVSS 3.1
AVNACLPRHUINSUCNINAH
A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortinet_fortiproxy | — | — |
| fortinet | fortiproxy | — | — |
| fortinet | fortiproxy | 1.0.0 – 1.0.7 | — |
| fortinet | fortiproxy | 1.1.0 – 1.1.6 | — |
| fortinet | fortiproxy | >= 1.2.0 < 1.2.10 | 1.2.10 |
| fortinet | fortiproxy | >= 2.0.0 < 2.0.2 | 2.0.2 |