Description
A stack-based buffer overflow in Fortinet FortiWeb versions 6.4.1 and 6.4.0 allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device.
References
- Patch, Vendor Advisory
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*
EPSS
Score: 0.00182 (Low)
Percentile: 40%
CVSS3: 7.3 High
CVSS3: 7.8 High
CVSS2: 4.6 Medium
Weaknesses
CWE-787
Related vulnerabilities
github
about 4 years ago
A stack-based buffer overflow in Fortinet FortiWeb versions 6.4.1 and 6.4.0 allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device.