Stack-Based Buffer Overflow in FortiProxy Physical Appliance
CVE-2021-22130

6.7MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortiproxy
Vendor: CVE Published:; 3 June 2021

Summary

A stack-based buffer overflow vulnerability exists in FortiProxy's command line interface (CLI) that affects several versions ranging from 1.0.0 to 2.0.1. This vulnerability allows an authenticated remote attacker to execute a Denial of Service (DoS) attack by inputting a large cpuset mask value into the diagnose sys cpuset command. While Fortinet has stated that they are not aware of any successful exploitation leading to code execution, this vulnerability poses a risk that should not be underestimated.

Affected Version(s)

Fortinet FortiProxy FortiProxy 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7

References

https://fortiguard.com/advisory/FG-IR-21-006

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 3, 2021
Vulnerability Reserved
Jan 4, 2021