Fortinet Fortiweb vulnerabilities

CVE-2021-41026 [MEDIUM] CWE-22 CVE-2021-41026: A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an a A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.

CVE-2021-36194 [HIGH] CWE-787 CVE-2021-36194: Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 thr Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests.

CVE-2021-43071 [HIGH] CWE-787 CVE-2021-43071: A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.

CVE-2021-41025 [HIGH] CWE-362 CVE-2021-41025: Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remot

CVE-2021-41017 [HIGH] CWE-787 CVE-2021-41017: Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6 Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests.

CVE-2021-36195 [MEDIUM] CWE-78 CVE-2021-36195: Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4. Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments.

CVE-2021-41014 [HIGH] CWE-400 CVE-2021-41014: A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below a A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets

CVE-2021-41027 [HIGH] CWE-787 CVE-2021-41027: A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device.

CVE-2021-36180 [HIGH] CWE-78 CVE-2021-36180: Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in F Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.

CVE-2021-41013 [MEDIUM] CWE-863 CVE-2021-41013: An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 a An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs.

CVE-2021-36188 [MEDIUM] CWE-79 CVE-2021-36188: A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers

CVE-2021-43064 [MEDIUM] CWE-601 CVE-2021-43064: A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers.

CVE-2021-41015 [MEDIUM] CWE-79 CVE-2021-41015: A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to SAML login handler

CVE-2021-36190 [MEDIUM] CVE-2021-36190: A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests.

CVE-2021-43063 [MEDIUM] CWE-79 CVE-2021-43063: A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the login webpage.

CVE-2021-36191 [MEDIUM] CWE-601 CVE-2021-36191: A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to use the device as proxy via crafted GET parameters in requests to error handlers

CVE-2021-36186 [HIGH] CWE-787 CVE-2021-36186: A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 an A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests

CVE-2021-36187 [MEDIUM] CWE-400 CVE-2021-36187: A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6. A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to cause a denial of service for webserver daemon via crafted HTTP requests

CVE-2021-36179 [HIGH] CWE-787 CVE-2021-36179: A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute unauthorized code or commands via crafted parameters in CLI command execution

CVE-2021-36182 [HIGH] CWE-78 CVE-2021-36182: A Improper neutralization of special elements used in a command ('Command Injection') in Fortinet Fo A Improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests