CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 36.6%
A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI `execute backup-local rename` and `execute backup-local show` operations.
Vendor | Product | Version | CPE |
---|---|---|---|
fortinet | fortiweb | * | cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* |
fortinet | fortiweb | 6.4.0 | cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:* |
fortinet | fortiweb | 6.4.1 | cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:* |
fortinet | fortiweb | 6.4.2 | cpe:2.3:a:fortinet:fortiweb:6.4.2:*:*:*:*:*:*:* |
fortinet | fortiweb | 7.0.0 | cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:* |
fortinet | fortiweb | 7.0.1 | cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:* |
[
  {
    "vendor": "Fortinet",
    "product": "FortiWeb",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.1",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.0",
        "lessThanOrEqual": "6.4.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.3.6",
        "lessThanOrEqual": "6.3.19",
        "status": "affected"
      }
    ]
  }
]