← Back

CVE-2021-43071

nvd nist
Published: Dec 9, 2021Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.

Affected (4)

Products: Fortinet: Fortiweb
Fortinet
1 product
Fortiweb
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Fortinet
Fortiweb
From 6.2.0 to 6.2.6
Fortiweb
From 6.3.0 to 6.3.16
Fortiweb
Version 6.4.0
Fortiweb
Version 6.4.1

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

Source: psirt@fortinet.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.