Stack-Based Buffer Overflow in FortiWeb Command Line Interface
CVE-2021-36193

6.3MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortifone; Fortiadc; Fortimail; Fortiddos
Vendor: CVE Published:; 2 February 2022

What is CVE-2021-36193?

FortiWeb prior to version 6.4.2 has multiple vulnerabilities within its command line interpreter that may allow an authenticated attacker to exploit stack-based buffer overflows. By sending specially crafted commands, the attacker could execute arbitrary code, potentially compromising the security of the affected system.

Affected Version(s)

FortiADC 7.0.0

FortiADC 6.2.0 <= 6.2.2

FortiADC 6.1.0 <= 6.1.6

References

https://fortiguard.com/advisory/FG-IR-21-132

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2022
Vulnerability Reserved
Jul 6, 2021

CVE-2021-36193 Data

JSON

Fortinet

What is CVE-2021-36193?

Affected Version(s)

References

CVSS V3.1

Timeline