CVE-2020-29016
Published: 2021-01-14
Priority: P266 · critical · CVSS 3.1: 9.8
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 3.30% (87.0th percentile)
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and versions before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet_fortiweb | — | — |
| fortinet | fortiweb | < 6.2.4 | 6.2.4 |
| fortinet | fortiweb | — | — |
| fortinet | fortiweb | 6.3.0 – 6.3.5 | — |
Detection & IOCs (extracted from sources)
- Detect oversized certname field in requests to FortiWeb: the vulnerability is triggered by sending a crafted request with a large certname value, which causes a stack-based buffer overflow.
- Target detection scope: FortiWeb versions 6.3.0 through 6.3.5 and any version before 6.2.4 are vulnerable; prioritize monitoring/patching these specific version ranges.
- The attack is unauthenticated and remote: no credentials are required to trigger the overflow, meaning the attack surface is exposed to any network-reachable attacker without prior authentication.
- CVSS score is 9.8 (Critical) with CWE-787 (Out-of-bounds Write); the stack overwrite may lead to arbitrary code execution, not just a crash, so treat as RCE risk.
CVSS provenance
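| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |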
Fortinet
vendor_fortinet · 2021-01-14 · CVSS 9.8
FG-IR-20-125
CVEs: CVE-2020-29016
CWEs: CWE-787
CVSS: 9.8 (critical)
Affected products: FortiWeb
GHSA
GHSA-4chx-4wv3-ph6v
ghsa_unreviewed · 2022-05-24
CVE-2020-29016 [CRITICAL] CWE-787
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.