CVE-2021-36193 vulnerability in Fortinet Products
Published on February 2, 2022
Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.
Vulnerability Analysis
CVE-2021-36193 can be exploited with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a Stack Overflow Vulnerability?
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2021-36193 has been classified to as a Stack Overflow vulnerability or weakness.
Products Associated with CVE-2021-36193
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-36193 are published in these products:
Affected Versions
Fortinet FortiFone:- Version 3.0.0, <= 3.0.11 is affected.
- Version 7.0.0 is affected.
- Version 6.2.0, <= 6.2.2 is affected.
- Version 6.1.0, <= 6.1.6 is affected.
- Version 6.0.0, <= 6.0.4 is affected.
- Version 5.4.0, <= 5.4.5 is affected.
- Version 5.3.0, <= 5.3.7 is affected.
- Version 5.2.0, <= 5.2.8 is affected.
- Version 5.1.0, <= 5.1.7 is affected.
- Version 5.0.0, <= 5.0.4 is affected.
- Version 7.0.0, <= 7.0.2 is affected.
- Version 6.4.0, <= 6.4.6 is affected.
- Version 6.2.0, <= 6.2.8 is affected.
- Version 6.0.0, <= 6.0.12 is affected.
- Version 5.4.0, <= 5.4.12 is affected.
- Version 5.7.0 is affected.
- Version 5.6.0, <= 5.6.1 is affected.
- Version 5.5.0, <= 5.5.1 is affected.
- Version 5.4.0, <= 5.4.3 is affected.
- Version 5.3.0, <= 5.3.2 is affected.
- Version 5.2.0 is affected.
- Version 5.1.0 is affected.
- Version 5.0.0 is affected.
- Version 4.7.0 is affected.
- Version 4.6.0 is affected.
- Version 4.5.0 is affected.
- Version 4.4.0, <= 4.4.2 is affected.
- Version 6.3.0 is affected.
- Version 6.2.0, <= 6.2.2 is affected.
- Version 6.1.0, <= 6.1.4 is affected.
- Version 6.4.0, <= 6.4.4 is affected.
- Version 6.0.0, <= 6.0.10 is affected.
- Version 5.5.0, <= 5.5.1 is affected.
- Version 5.4.0, <= 5.4.3 is affected.
- Version 5.3.0, <= 5.3.1 is affected.
- Version 5.2.0 is affected.
- Version 5.1.0 is affected.
- Version 5.0.0 is affected.
- Version 4.7.0 is affected.
- Version 6.4.0, <= 6.4.1 is affected.
- Version 6.3.0, <= 6.3.15 is affected.
- Version 6.4.0, <= 6.4.2 is affected.
- Version 6.0.0, <= 6.0.10 is affected.
- Version 2.7.0, <= 2.7.7 is affected.
- Version 2.6.0, <= 2.6.3 is affected.
- Version 1.5.0, <= 1.5.3 is affected.
- Version 1.4.0 is affected.
- Version 1.3.0, <= 1.3.1 is affected.
- Version 1.2.0 is affected.
- Version 1.1.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.