CVE-2021-36186

CWE-787Out-of-bounds Write4 documents4 sources
Severity
9.8CRITICAL
EPSS
0.5%
top 32.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiwebFortinet Fortinet Fortiweb
Timeline
PublishedNov 2
Latest updateMay 24

Description

A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortiweb6.2.06.2.5+2
CVEListV5fortinet/fortinet_fortiwebFortiWeb 6.4.0, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

🔴Vulnerability Details

2
GHSA
GHSA-rv4v-vfgf-hg84: A stack-based buffer overflow in Fortinet FortiWeb version 62022-05-24
CVEList
CVE-2021-36186: A stack-based buffer overflow in Fortinet FortiWeb version 62021-11-02

📋Vendor Advisories

1
Fortinet
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attac...2021-11-02
CVE-2021-36186 (CRITICAL CVSS 9.8) | A stack-based buffer overflow in Fo | cvebase.io