CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-42756

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0540%
EPSS Percentile0.29th
Published2023年2月16日
Last Modified2024年11月21日

Vulnerability Description

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.

Affected Platforms (CPE)

📦
Fortinet

Fortiweb

>= 5.6.0 and < 6.0.8
📦
Fortinet

Fortiweb

>= 6.1.0 and < 6.1.3
📦
Fortinet

Fortiweb

>= 6.2.0 and < 6.2.7
📦
Fortinet

Fortiweb

>= 6.3.0 and < 6.3.17
📦
Fortinet

Fortiweb

>= 6.4.0 and <= 6.4.2

References & Advisories

🔗 https://fortiguard.com/psirt/FG-IR-21-186
🔗 https://fortiguard.com/psirt/FG-IR-21-186

関連する脆弱性情報

CVE-2020-290169.8

A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated,...

CVE-2026-248589.8

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 ...

CVE-2020-290159.8

A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated,...

CVE-2025-597199.8

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiW...