CVE-2021-36193

Summary

Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiFone3.0.0 <= 3.0.11affected
FortinetFortiADC7.0.0affected
FortinetFortiADC6.2.0 <= 6.2.2affected
FortinetFortiADC6.1.0 <= 6.1.6affected
FortinetFortiADC6.0.0 <= 6.0.4affected
FortinetFortiADC5.4.0 <= 5.4.5affected
FortinetFortiADC5.3.0 <= 5.3.7affected
FortinetFortiADC5.2.0 <= 5.2.8affected
FortinetFortiADC5.1.0 <= 5.1.7affected
FortinetFortiADC5.0.0 <= 5.0.4affected
FortinetFortiMail7.0.0 <= 7.0.2affected
FortinetFortiMail6.4.0 <= 6.4.6affected
FortinetFortiMail6.2.0 <= 6.2.8affected
FortinetFortiMail6.0.0 <= 6.0.12affected
FortinetFortiMail5.4.0 <= 5.4.12affected
FortinetFortiDDoS5.7.0affected
FortinetFortiDDoS5.6.0 <= 5.6.1affected
FortinetFortiDDoS5.5.0 <= 5.5.1affected
FortinetFortiDDoS5.4.0 <= 5.4.3affected
FortinetFortiDDoS5.3.0 <= 5.3.2affected
FortinetFortiDDoS5.2.0affected
FortinetFortiDDoS5.1.0affected
FortinetFortiDDoS5.0.0affected
FortinetFortiDDoS4.7.0affected
FortinetFortiDDoS4.6.0affected
FortinetFortiDDoS4.5.0affected
FortinetFortiDDoS4.4.0 <= 4.4.2affected
FortinetFortiDDoS-F6.3.0affected
FortinetFortiDDoS-F6.2.0 <= 6.2.2affected
FortinetFortiDDoS-F6.1.0 <= 6.1.4affected
FortinetFortiVoice6.4.0 <= 6.4.4affected
FortinetFortiVoice6.0.0 <= 6.0.10affected
FortinetFortiDDoS-CM5.5.0 <= 5.5.1affected
FortinetFortiDDoS-CM5.4.0 <= 5.4.3affected
FortinetFortiDDoS-CM5.3.0 <= 5.3.1affected
FortinetFortiDDoS-CM5.2.0affected
FortinetFortiDDoS-CM5.1.0affected
FortinetFortiDDoS-CM5.0.0affected
FortinetFortiDDoS-CM4.7.0affected
FortinetFortiWeb6.4.0 <= 6.4.1affected
FortinetFortiWeb6.3.0 <= 6.3.15affected
FortinetFortiRecorder6.4.0 <= 6.4.2affected
FortinetFortiRecorder6.0.0 <= 6.0.10affected
FortinetFortiRecorder2.7.0 <= 2.7.7affected
FortinetFortiRecorder2.6.0 <= 2.6.3affected
FortinetFortiNDR1.5.0 <= 1.5.3affected
FortinetFortiNDR1.4.0affected
FortinetFortiNDR1.3.0 <= 1.3.1affected
FortinetFortiNDR1.2.0affected
FortinetFortiNDR1.1.0affected

Weaknesses

  • CWE-121: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References