CVE-2021-36194

CWE-787Out-of-bounds Write4 documents4 sources
Severity
8.8HIGH
EPSS
0.8%
top 26.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiwebFortinet Fortinet Fortiweb
Timeline
PublishedDec 9
Latest updateDec 10

Description

Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortiweb6.3.06.3.15+2
CVEListV5fortinet/fortinet_fortiwebFortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15

Patches

Patch: fortiguard.comPatch: fortiguard.com

🔴Vulnerability Details

2
GHSA
GHSA-x4wq-ph23-36hw: Multiple stack-based buffer overflows in the API controllers of FortiWeb 62021-12-10
CVEList
CVE-2021-36194: Multiple stack-based buffer overflows in the API controllers of FortiWeb 62021-12-09

📋Vendor Advisories

1
Fortinet
Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allo...2021-12-09
CVE-2021-36194 (HIGH CVSS 8.8) | Multiple stack-based buffer overflo | cvebase.io