CVE-2021-42756 — Stack-based Buffer Overflow in Fortinet Fortiweb

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

71.9%

top 1.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiweb

Timeline

PublishedFeb 16

Description

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5fortinet/fortiweb5.8.0 — 5.8.*+12

▶NVDfortinet/fortiweb5.6.0 — 6.0.8+4

🔴Vulnerability Details

CVEList

CVE-2021-42756: Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5↗2023-02-16

▶

GHSA

GHSA-wqmg-f43p-5ccf: Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5↗2023-02-16

▶

📋Vendor Advisories

Fortinet

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 a...↗2023-02-16

▶