CVE-2021-43072

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI execute restore image and execute certificate remote operations with the tFTP protocol.

Published: Jul 18, 2023
Updated: Jul 28, 2023
CVE: CVE-2021-43072
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-120

Affected Software
References

Software	From	Fixed in
fortinet / fortianalyzer	7.0.0	7.0.3
fortinet / fortimanager	7.0.0	7.0.3
fortinet / fortios	6.4.0	6.4.9
fortinet / fortios	7.0.0	7.0.6
fortinet / fortios	6.0.0	6.2.11
fortinet / fortiproxy	7.0.0	7.0.4
fortinet / fortiproxy	1.0.0	2.0.9
fortinet / fortianalyzer	5.6.0	6.4.8
fortinet / fortimanager	5.6.0	6.4.8

Vulnerability Database

289,784

CVE-2021-43072