CVE-2021-22130: 
Fortinet FortiProxy vulnerability analysis and mitigation

A stack-based buffer overflow vulnerability (CVE-2021-22130) affects FortiProxy physical appliance CLI versions 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, and 1.0.0 to 1.0.7. The vulnerability allows an authenticated, remote attacker to perform a Denial of Service attack by running the diagnose sys cpuset command with a large cpuset mask value (Fortinet Advisory, NVD).

The vulnerability is classified as a stack-based buffer overflow (CWE-787 Out-of-bounds Write). It has received a CVSS v3.1 base score of 4.9 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H according to NVD, while Fortinet assigned it a CVSS score of 6.7 (MEDIUM) with vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can lead to a Denial of Service condition when exploited. Fortinet has stated they are not aware of any successful exploitation of this vulnerability that would lead to code execution (Fortinet Advisory).

Fortinet recommends upgrading to FortiProxy version 1.2.10 or above, or version 2.0.2 or above to address this vulnerability (Fortinet Advisory).

The vulnerability was internally discovered and reported by Wilfried Djettchou of Fortinet Product Security team (Fortinet Advisory).