CVE-2021-41017

Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests.

Summary:

Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests.

Reference Links(if available):

  • https://fortiguard.com/advisory/FG-IR-21-160
  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)