CVE-2021-43071

December 10, 2021

A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.

Summary:

A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.

Reference Links(if available):

  • https://fortiguard.com/advisory/FG-IR-21-188

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • You may have missed

    hackerone

    HackerOne Bug Bounty Disclosure: availability-impact-from-exploiting-project-name-vulnerabilities-mr-root

    November 13, 2024
    hackerone

    HackerOne Bug Bounty Disclosure: idor-in-backup-recovery-functionality-theelgo

    November 13, 2024
    hackerone

    HackerOne Bug Bounty Disclosure: can-see-phone-numbers-of-others-by-providing-mail-address-sevada

    November 13, 2024
    image

    [BRAINCIPHER] – Ransomware Victim: G-One Auto Parts de México S[.]A[.] de C[.]V[.]

    November 13, 2024
    image

    [BRAINCIPHER] – Ransomware Victim: COOPERATIVA TELEFONICA DE CALAFATE LTD[.]

    November 13, 2024