CVE-2021-26112

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

9.8CRITICAL

EPSS

1.3%

top 20.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiwan Fortinet Fortinet Fortiwan

Timeline

PublishedApr 6

Latest updateApr 7

Description

Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶NVDfortinet/fortiwan4.5.8

▶CVEListV5fortinet/fortinet_fortiwanFortiWAN before 4.5.9

Patches

Patch: fortiguard.com ↗Patch: fortiguard.com ↗

🔴Vulnerability Details

GHSA

GHSA-fx4p-5h4m-vvxr: Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter of FortiWAN before 4↗2022-04-07

▶

CVEList

CVE-2021-26112: Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter of FortiWAN before 4↗2022-04-06

▶

📋Vendor Advisories

Fortinet

Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpret...↗2022-04-06

▶