CVE-2021-43071

A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.

Published: Dec 9, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-43071
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
fortinet / fortiweb	6.4.0	6.4.0.x
fortinet / fortiweb	6.4.1	6.4.1.x
fortinet / fortiweb	6.2.0	6.2.6.x
fortinet / fortiweb	6.3.0	6.3.16.x

https://fortiguard.com/advisory/FG-IR-21-188

Vulnerability Database

289,784

CVE-2021-43071