VYPR
Unrated severityNVD Advisory· Published Dec 9, 2021· Updated Oct 25, 2024

CVE-2021-43071

CVE-2021-43071

Description

A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.

Affected products

2
  • Fortinet/Fortiwebllm-fuzzy2 versions
    >=6.2.0 <=6.2.6, >=6.3.0 <=6.3.15, 6.4.0, 6.4.1+ 1 more
    • (no CPE)range: >=6.2.0 <=6.2.6, >=6.3.0 <=6.3.15, 6.4.0, 6.4.1
    • (no CPE)range: FortiWeb 6.4.1, 6.4.0, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.