CVE-2021-43071

A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.

Summary:

A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.

Reference Links(if available):

  • https://fortiguard.com/advisory/FG-IR-21-188
  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)