vulnerability

Fortinet FortiAnalyzer: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CVE-2021-24022)

Severity: 2
CVSS: (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Published: Jul 20, 2021
Added: Aug 3, 2021
Modified: Apr 7, 2026

Description

A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.

Solutions

fortinet-fortianalyzer-upgrade-6_2_8
fortinet-fortianalyzer-upgrade-6_4_6