CVE-2021-42756
Published 2023-02-16
Priority P277 · critical · CVSS 3.1: 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 36.41% (percentile 98.3)
Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.
Affected (18 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortiweb | — | — |
| fortinet | fortiweb | >= 5.6.0 < 5.6.* | 5.6.* |
| fortinet | fortiweb | >= 5.6.0 < 6.0.8 | 6.0.8 |
| fortinet | fortiweb | 5.6.0 – 5.6.2 | — |
| fortinet | fortiweb | >= 5.7.0 < 5.7.* | 5.7.* |
| fortinet | fortiweb | 5.7.0 – 5.7.3 | — |
| fortinet | fortiweb | >= 5.8.0 < 5.8.* | 5.8.* |
| fortinet | fortiweb | 5.8.0 – 5.8.3 | — |
| fortinet | fortiweb | 5.8.5 – 5.8.7 | — |
| fortinet | fortiweb | 5.9.0 – 5.9.1 | — |
| fortinet | fortiweb | 6.0.0 – 6.0.7 | — |
| fortinet | fortiweb | >= 6.1.0 < 6.1.3 | 6.1.3 |
| fortinet | fortiweb | 6.1.0 – 6.1.2 | — |
| fortinet | fortiweb | >= 6.2.0 < 6.2.7 | 6.2.7 |
| fortinet | fortiweb | 6.2.0 – 6.2.6 | — |
| fortinet | fortiweb | >= 6.3.0 < 6.3.17 | 6.3.17 |
| fortinet | fortiweb | 6.3.0 – 6.3.16 | — |
| fortinet | fortiweb | 6.4.0 – 6.4.2 | — |
Detection & IOCs
- Monitor the FortiWeb proxy daemon process for anomalous activity; specifically crafted HTTP requests that trigger stack-based buffer overflows (CWE-121) may indicate exploitation attempts.
- Monitor for unauthenticated inbound HTTP requests to FortiWeb appliances that are abnormally large or malformed, consistent with stack buffer overflow exploitation attempts against the proxy daemon.
- All FortiWeb 5.x versions are affected with no patched sub-version available in that branch, and FortiWeb 6.4 all versions are also fully affected; ensure these branches are prioritized for upgrade or mitigation.
- The vulnerability resides specifically in the proxy daemon component of FortiWeb; detection and mitigation efforts should be scoped to that daemon rather than the broader FortiWeb application.
Fortinet
vendor_fortinet · 2023-02-16 · CVSS 9.8
FG-IR-21-186: Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 a...
CVEs: CVE-2021-42756
CWEs: CWE-121, CWE-787
CVSS: 9.8 (critical)
Affected products: FortiWeb
GHSA
GHSA-wqmg-f43p-5ccf: Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5
ghsa_unreviewed · 2023-02-16
No detection rules found.
No public exploits indexed.