CVE-2024-21758Stack-based Buffer Overflow in Fortinet Fortiweb

CWE-121Stack-based Buffer OverflowCWE-120Classic Buffer Overflow4 documents4 sources
Severity
6.7MEDIUMNVD
CNA6.4
EPSS
0.0%
top 87.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiweb
Timeline
PublishedJan 14

Description

A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack protections.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortiweb7.2.07.2.8+1
CVEListV5fortinet/fortiweb7.4.07.4.1+1

🔴Vulnerability Details

2
GHSA
GHSA-5xxp-3j63-qv9w: A stack-based buffer overflow in Fortinet FortiWeb versions 72025-01-14
CVEList
CVE-2024-21758: A stack-based buffer overflow in Fortinet FortiWeb versions 72025-01-14

📋Vendor Advisories

1
Fortinet
A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a pri...2025-01-14
CVE-2024-21758 — Stack-based Buffer Overflow | cvebase