CVE-2021-36179

Severity: 8.8 HIGH
EPSS: 0.6% (top 31.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 8; Latest update May 24

Description

A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows an attacker to execute unauthorized code or commands via crafted parameters in CLI command execution.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.1 | Impact: 5.9

Affected Packages (2 packages)

NVD | fortinet/fortiweb | 6.3.0 | 6.3.14 | +1
CVEListV5 | fortinet/fortinet_fortiweb | FortiWeb 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

Vulnerability Details (2)

GHSA | GHSA-rrvv-g9v3-737h: A stack-based buffer overflow in Fortinet FortiWeb version 6 | 2022-05-24
CVEList | CVE-2021-36179: A stack-based buffer overflow in Fortinet FortiWeb version 6 | 2021-09-08

Vendor Advisories (1)

Fortinet | A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute... | 2021-09-08