CVE-2021-36194

Summary

Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiWebFortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15affected

Weaknesses

  • Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References