Lucene search

PRIOn knowledge basePRION:CVE-2021-42756

HistoryFeb 16, 2023 - 7:15 p.m.

Stack overflow

2023-02-1619:15:00

PRIOn knowledge base

www.prio-n.com

buffer overflow

fortiweb

remote attacker

arbitrary code execution

http requests

nvd

cwe-121

10 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.7%

JSON

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.

CPENameOperatorVersion
fortiwebge6.3.0
fortiweblt6.3.17
fortiwebge6.2.0
fortiweblt6.2.7
fortiwebge6.4.0
fortiweble6.4.2
fortiwebge6.1.0
fortiweblt6.1.3
fortiwebge5.6.0
fortiweblt6.0.8

Name	Operator	Version
fortiweb	ge	6.3.0
fortiweb	lt	6.3.17
fortiweb	ge	6.2.0
fortiweb	lt	6.2.7
fortiweb	ge	6.4.0
fortiweb	le	6.4.2
fortiweb	ge	6.1.0
fortiweb	lt	6.1.3
fortiweb	ge	5.6.0
fortiweb	lt	6.0.8

References

fortiguard.com/psirt/FG-IR-21-186