CVE-2021-42756

CVE Database · CVE-2021-42756

CVE-2021-42756

· CRITICALModified

CVSS v3.1

9.8

EPSS

36.41%

Published

Feb 16, 2023

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-121CWE-787

Affected Products (5)

fortinet · fortiweb (up to 6.0.8)vulnerable

fortinet · fortiweb (up to 6.1.3)vulnerable

fortinet · fortiweb (up to 6.2.7)vulnerable

fortinet · fortiweb (up to 6.3.17)vulnerable

fortinet · fortiwebvulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-21-186

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-21-186

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs