CVE-2021-43072 — Classic Buffer Overflow in Fortinet Fortianalyzer

CWE-120 — Classic Buffer Overflow4 documents4 sources

Severity

6.7MEDIUMNVD

EPSS

0.1%

top 81.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Fortinet Fortimanager Fortinet Fortios +1 more

Timeline

PublishedJul 18

Description

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages6 packages

▶NVDfortinet/fortios6.0.0 — 6.2.11+2

▶NVDfortinet/fortiproxy1.0.0 — 2.0.9+1

▶NVDfortinet/fortimanager5.6.0 — 6.4.8+1

▶NVDfortinet/fortianalyzer5.6.0 — 6.4.8+1

▶CVEListV5fortinet/fortimanager7.0.0 — 7.0.2+4

🔴Vulnerability Details

GHSA

GHSA-69j8-frw9-cp4h: A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7↗2023-07-18

▶

CVEList

CVE-2021-43072: A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7↗2023-07-18

▶

📋Vendor Advisories

Fortinet

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and bel...↗2023-07-18

▶