Heap-Based Buffer Overflow in Fortinet FortiWeb's LogReport API
CVE-2021-43071
8.8HIGH
What is CVE-2021-43071?
A heap-based buffer overflow vulnerability exists in Fortinet FortiWeb versions 6.4.1, 6.4.0, 6.3.15, and earlier versions. This flaw allows an attacker to execute unauthorized code or commands by sending specially crafted HTTP requests to the LogReport API controller. Exploiting this vulnerability could potentially lead to significant security breaches, giving unauthorized access to sensitive system functionalities.
Affected Version(s)
Fortinet FortiWeb FortiWeb 6.4.1, 6.4.0, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0