CVE-2021-26112

EPSS 2.87%
Veröffentlicht 06.04.2022 10:15:07
Zuletzt bearbeitet 21.11.2024 05:55:53
Quelle psirt@fortinet.com
Teams Watchlist Login
Unerledigt Login

Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fortinet ≫ Fortiwan Version <= 4.5.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.87%	0.855

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
psirt@fortinet.com	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://fortiguard.com/psirt/FG-IR-21-065

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-26112

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-26112

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-26112

EUVD