CVE-2021-43072
Published: Jul 18, 2023
Modified: Sep 17, 2024
CVSS v3.1
6.3
Description
A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol.
| Vendor | Product | Versions |
|---|---|---|
Fortinet | FortiAnalyzer | affected 7.0.0 - <= 7.0.2affected 6.4.0 - <= 6.4.7affected 6.2.0 - <= 6.2.12affected 6.0.0 - <= 6.0.12affected 5.6.0 - <= 5.6.11 |
Fortinet | FortiManager | affected 7.0.0 - <= 7.0.2affected 6.4.0 - <= 6.4.7affected 6.2.0 - <= 6.2.12affected 6.0.0 - <= 6.0.12affected 5.6.0 - <= 5.6.11 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now