CVE-2021-42756

Summary

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb6.4.0 <= 6.4.1affected
FortinetFortiWeb6.3.0 <= 6.3.16affected
FortinetFortiWeb6.2.0 <= 6.2.6affected
FortinetFortiWeb6.1.0 <= 6.1.2affected
FortinetFortiWeb6.0.0 <= 6.0.7affected
FortinetFortiWeb5.9.0 <= 5.9.1affected
FortinetFortiWeb5.8.5 <= 5.8.7affected
FortinetFortiWeb5.8.0 <= 5.8.3affected
FortinetFortiWeb5.7.0 <= 5.7.3affected
FortinetFortiWeb5.6.0 <= 5.6.2affected
FortinetFortiWeb5.8.0 < 5.8.*affected
FortinetFortiWeb5.7.0 < 5.7.*affected
FortinetFortiWeb5.6.0 < 5.6.*affected

Weaknesses

  • CWE-121: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References