CVE-2021-36193

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write CWE-22 — Path Traversal CWE-598 documents8 sources

Severity

7.2HIGH

EPSS

0.5%

top 34.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiweb Fortinet Fortiadc Fortinet Fortiddos +7 more

Timeline

PublishedFeb 2

Latest updateAug 25

Description

Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages11 packages

▶NVDfortinet/fortiweb5.0.0 — 6.2.6+2

▶CVEListV5fortinet/fortiweb6.4.0 — 6.4.1+1

▶CVEListV5fortinet/fortiadc6.2.0 — 6.2.2+8

▶CVEListV5fortinet/fortindr1.5.0 — 1.5.3+4

▶CVEListV5fortinet/fortiddos5.6.0 — 5.6.1+11

🔴Vulnerability Details

GHSA

GHSA-xfch-762x-q3v9: Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6↗2022-02-08

▶

CVEList

CVE-2021-36193: Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6↗2022-02-02

▶

GHSA

Directory Traversal in Archive_Tar↗2021-08-09

▶

📋Vendor Advisories

CISA

PEAR Archive_Tar Improper Link Resolution Vulnerability↗2022-08-25

▶

Fortinet

Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticate...↗2022-02-02

▶

Red Hat

php-pear: Directory traversal vulnerability↗2021-07-30

▶

Drupal

Drupal core - Critical - Third-party libraries - SA-CORE-2021-001↗2021-01-20

▶

External resources

NVD MITRE

Affected products10

Fortinet Fortiadc≥ 6.2.0, ≤ 6.2.2≥ 6.1.0, ≤ 6.1.6≥ 6.0.0, ≤ 6.0.4+6 more

Fortinet Fortiddos≥ 5.6.0, ≤ 5.6.1≥ 5.5.0, ≤ 5.5.1≥ 5.4.0, ≤ 5.4.3+9 more

Fortinet Fortiddos-cm≥ 5.5.0, ≤ 5.5.1≥ 5.4.0, ≤ 5.4.3≥ 5.3.0, ≤ 5.3.1+4 more

Fortinet Fortiddos-f≥ 6.2.0, ≤ 6.2.2≥ 6.1.0, ≤ 6.1.4v6.3.0

Fortinet Fortifone≥ 3.0.0, ≤ 3.0.11

Fortinet Fortimail≥ 7.0.0, ≤ 7.0.2≥ 6.4.0, ≤ 6.4.6≥ 6.2.0, ≤ 6.2.8+2 more

Fortinet Fortindr≥ 1.5.0, ≤ 1.5.3≥ 1.3.0, ≤ 1.3.1v1.1.0+2 more

Fortinet Fortirecorder≥ 6.4.0, ≤ 6.4.2≥ 6.0.0, ≤ 6.0.10≥ 2.7.0, ≤ 2.7.7+1 more

Fortinet Fortivoice≥ 6.4.0, ≤ 6.4.4≥ 6.0.0, ≤ 6.0.10

Fortinet Fortiweb≥ 5.0.0, < 6.2.6≥ 6.3.0, < 6.3.16≥ 6.4.0, < 6.4.2+2 more

Disclosure

PublishedFeb 2, 2022

Latest updateAug 25, 2022