Buffer Overflow in Fortinet FortiAnalyzer, FortiManager, and FortiOS
CVE-2021-43072

6.3HIGH

Key Information:

Vendor: Fortinet
Status: Fortianalyzer; Fortimanager
Vendor: CVE Published:; 18 July 2023

What is CVE-2021-43072?

A buffer copy without size checks vulnerability exists in Fortinet's FortiAnalyzer, FortiManager, FortiOS, and FortiProxy products. This flaw allows attackers to execute unauthorized commands or code through specially crafted CLI operations such as execute restore image and execute certificate remote, leveraging the tFTP protocol. Affected versions span various releases, creating significant risks for systems that remain unpatched.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FortiAnalyzer 7.0.0 <= 7.0.2

FortiAnalyzer 6.4.0 <= 6.4.7

FortiAnalyzer 6.2.0 <= 6.2.12

References

https://fortiguard.com/advisory/FG-IR-21-206

CVSS V3.1

Score:

6.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2023
Vulnerability Reserved
Oct 28, 2021

JSON

Fortinet

What is CVE-2021-43072?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.