QID 376131

Date Published: 2021-12-07

QID 376131: FortiGate FortiManager and FortiAnalyzer Privilege Escalation Vulnerability (CWE-119)

FortiManager provides centralized policy-based provisioning, device configuration, and update management for FortiGate, FortiWiFi, and FortiMail appliances, and FortiClient end-point security agents, plus end-to-end network monitoring and device control.

The vulnerability allows a local user to escalate privileges on the appliance. It is a boundary error (buffer overflow, CWE-119) in the handling of the geoip-city CLI command: a local user with access to the CLI can trigger the overflow and execute arbitrary code with elevated privileges.

Affected Products:
FortiManager Versions: 6.0.0 through 6.0.11, 6.2.0 through 6.2.7, 6.4.0 through 6.4.5
FortiAnalyzer Versions: 6.0.0 through 6.0.11, 6.2.0 through 6.2.7, 6.4.0 through 6.4.5

QID Detection Logic (Authenticated):
The authenticated check runs `get system status` on the appliance and compares the version it reports against the affected version list above.
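
The version match described above, written out as an added example. This is not Qualys's detection code; it is an illustration of the same logic: parse the `Version :` line out of `get system status` output, confirm the platform is a FortiManager or FortiAnalyzer, and test the version against the inclusive ranges listed under Affected Products. The sample outputs are constructed for the example (the serial numbers and build numbers are made up), modelled on the `Field : value` layout the command prints.

```python
import re

# Inclusive affected ranges, taken from the Affected Products list above.
# Keyed by major.minor branch so a version in an unlisted branch (e.g. 7.0) is
# never matched by accident.
AFFECTED_RANGES = {
    "6.0": ((6, 0, 0), (6, 0, 11)),
    "6.2": ((6, 2, 0), (6, 2, 7)),
    "6.4": ((6, 4, 0), (6, 4, 5)),
}

# Only these product families are in scope for this QID.
IN_SCOPE_PLATFORMS = ("FortiManager", "FortiAnalyzer")

VERSION_RE = re.compile(r"^Version\s*:\s*v?(\d+)\.(\d+)\.(\d+)", re.MULTILINE)
PLATFORM_RE = re.compile(r"^Platform Full Name\s*:\s*(\S+)", re.MULTILINE)


def parse_version(status_output):
    """Return (major, minor, patch) from the 'Version :' line, ignoring build/tag."""
    m = VERSION_RE.search(status_output)
    if m is None:
        raise ValueError("no 'Version :' line found in get system status output")
    return tuple(int(x) for x in m.groups())


def parse_platform(status_output):
    """Return the 'Platform Full Name' value, or None if absent."""
    m = PLATFORM_RE.search(status_output)
    return m.group(1) if m else None


def is_in_scope(platform):
    """True only for FortiManager / FortiAnalyzer platform names."""
    return platform is not None and any(p in platform for p in IN_SCOPE_PLATFORMS)


def is_affected(version):
    """Inclusive range test against the branch the version belongs to."""
    rng = AFFECTED_RANGES.get(f"{version[0]}.{version[1]}")
    if rng is None:
        return False
    lo, hi = rng
    return lo <= version <= hi


def check_status(status_output):
    """Evaluate one 'get system status' capture; a platform outside scope is never flagged."""
    platform = parse_platform(status_output)
    version = parse_version(status_output)
    return {
        "platform": platform,
        "version": ".".join(str(x) for x in version),
        "vulnerable": is_in_scope(platform) and is_affected(version),
    }


# Constructed sample captures (not real device output).
SAMPLE_AFFECTED = """\
Platform Type                   : FMG-VM64
Platform Full Name              : FortiManager-VM64
Version                         : v6.4.5-build2288 210512 (GA)
Serial Number                   : FMG-VMTM00000000
"""

SAMPLE_FIXED_BRANCH = """\
Platform Type                   : FAZ-VM64
Platform Full Name              : FortiAnalyzer-VM64
Version                         : v6.4.6-build2312 210610 (GA)
Serial Number                   : FAZ-VMTM00000000
"""

SAMPLE_OUT_OF_SCOPE = """\
Platform Full Name              : FortiGate-VM64
Version                         : v6.4.5,build1828,210217 (GA)
"""

if __name__ == "__main__":
    for name, sample in (("affected", SAMPLE_AFFECTED),
                         ("fixed branch", SAMPLE_FIXED_BRANCH),
                         ("out of scope", SAMPLE_OUT_OF_SCOPE)):
        print(name, check_status(sample))
```

Note that 6.4.6 and 6.0.12 fall outside the listed ranges and are therefore not flagged, while the same 6.4.5 string on a FortiGate platform is ignored because this QID covers only FortiManager and FortiAnalyzer.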

Consequence:
Successful exploitation lets a local user with CLI access execute arbitrary code with elevated privileges on the appliance.

CVSS V3 rated as Medium - 4.4 severity.
CVSS V2 rated as Low - 2.1 severity.

Solution:
Customers are advised to refer to CVE-2021-24022 and the vendor references below for the fixed releases.

Vendor References:
CVEs related to QID 376131: CVE-2021-24022

Software Advisories:
Advisory ID: CVE-2021-24022
Link: www.cybersecurity-help.cz/vdb/SB2021071404