CVE-2021-42756

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.

Published: Feb 16, 2023
Updated: Nov 8, 2023
CVE: CVE-2021-42756
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
fortinet / fortiweb	6.3.0	6.3.17
fortinet / fortiweb	6.2.0	6.2.7
fortinet / fortiweb	6.4.0	6.4.2.x
fortinet / fortiweb	6.1.0	6.1.3
fortinet / fortiweb	5.6.0	6.0.8

https://fortiguard.com/psirt/FG-IR-21-186

Vulnerability Database

289,784

CVE-2021-42756