CVE-2021-36193

Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.

CVSS v3 6.7 MEDIUM
CVSS v2.0 6.5 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://fortiguard.com/advisory/FG-IR-21-132	Vendor Advisory
https://fortiguard.com/advisory/FG-IR-21-132	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortiweb::::::::
	cpe:2.3:a:fortinet:fortiweb::::::::
	cpe:2.3:a:fortinet:fortiweb::::::::

History

21 Nov 2024, 06:13

Type	Values Removed	Values Added
References	~~() https://fortiguard.com/advisory/FG-IR-21-132 - Vendor Advisory~~	() https://fortiguard.com/advisory/FG-IR-21-132 - Vendor Advisory
CVSS	v2 : ~~6.5~~ v3 : ~~7.2~~	v2 : 6.5 v3 : 6.7

07 Feb 2022, 18:25

Type	Values Removed	Values Added
CPE		cpe:2.3:a:fortinet:fortiweb::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 7.2
CWE		CWE-787
References	~~(CONFIRM) https://fortiguard.com/advisory/FG-IR-21-132 -~~	(CONFIRM) https://fortiguard.com/advisory/FG-IR-21-132 - Vendor Advisory

02 Feb 2022, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-02-02 12:15

Updated : 2024-11-21 06:13

NVD link : CVE-2021-36193

Mitre link : CVE-2021-36193

CVE.ORG link : CVE-2021-36193

JSON object : View

Products Affected

fortinet

fortiweb

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2021-36193", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2022-02-02T12:15:07.977", "references": [{"url": "https://fortiguard.com/advisory/FG-IR-21-132", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}, {"url": "https://fortiguard.com/advisory/FG-IR-21-132", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en la regi\u00f3n stack de la memoria en el int\u00e9rprete de l\u00ednea de comandos de FortiWeb versiones anteriores a 6.4.2, pueden permitir a un atacante autenticado lograr una ejecuci\u00f3n de c\u00f3digo arbitrario por medio de comandos especialmente dise\u00f1ados"}], "lastModified": "2024-11-21T06:13:17.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5738C08-6BAE-4A23-895E-CC17152F1ADA", "versionEndExcluding": "6.2.6", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0486411-DC71-4C02-8973-B91930A439A2", "versionEndExcluding": "6.3.16", "versionStartIncluding": "6.3.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C97F7E3F-4747-46AA-8D2C-5D7C363CDB14", "versionEndExcluding": "6.4.2", "versionStartIncluding": "6.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}