CVE-2021-22130

Опубликовано: 03 июн. 2021

Источник: nvd

CVSS3: 6.7

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the diagnose sys cpuset with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.

Ссылки

https://fortiguard.com/advisory/FG-IR-21-006
Vendor Advisory
https://fortiguard.com/advisory/FG-IR-21-006
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

Версия от 1.0.0 (включая) до 1.0.7 (включая)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

Версия от 1.1.0 (включая) до 1.1.6 (включая)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

Версия от 1.2.0 (включая) до 1.2.10 (исключая)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 2.0.2 (исключая)

EPSS

Процентиль: 69%

0.00618

Низкий

6.7 Medium

CVSS3

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-r6h6-26c6-pwfv

github

больше 3 лет назад

A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.

EPSS

Процентиль: 69%

0.00618

Низкий

6.7 Medium

CVSS3

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-787