Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CNVD-2022-19074
Vulnerability from cnvd - Published: 2022-03-14
VLAI Severity ?
Title
Fortinet FortiWeb缓冲区溢出漏洞(CNVD-2022-19074)
Description
Fortinet FortiWeb是美国飞塔(Fortinet)公司的一款Web应用层防火墙,它能够阻断如跨站点脚本、SQL注入、Cookie中毒、schema中毒等攻击的威胁,保证Web应用程序的安全性并保护敏感的数据库内容。
Fortinet FortiWeb 6.4.2之前版本存在缓冲区溢出漏洞,经过身份验证的攻击者可利用该漏洞通过特制的命令执行任意代码。
Severity
中
Patch Name
Fortinet FortiWeb缓冲区溢出漏洞(CNVD-2022-19074)的补丁
Patch Description
Fortinet FortiWeb是美国飞塔(Fortinet)公司的一款Web应用层防火墙,它能够阻断如跨站点脚本、SQL注入、Cookie中毒、schema中毒等攻击的威胁,保证Web应用程序的安全性并保护敏感的数据库内容。
Fortinet FortiWeb 6.4.2之前版本存在缓冲区溢出漏洞,经过身份验证的攻击者可利用该漏洞通过特制的命令执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://fortiguard.com/advisory/FG-IR-21-132
Reference
https://fortiguard.com/advisory/FG-IR-21-132
Impacted products
| Name | Fortinet Fortinet FortiWeb <6.4.2 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-36193",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-36193"
}
},
"description": "Fortinet FortiWeb\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u5e94\u7528\u5c42\u9632\u706b\u5899\uff0c\u5b83\u80fd\u591f\u963b\u65ad\u5982\u8de8\u7ad9\u70b9\u811a\u672c\u3001SQL\u6ce8\u5165\u3001Cookie\u4e2d\u6bd2\u3001schema\u4e2d\u6bd2\u7b49\u653b\u51fb\u7684\u5a01\u80c1\uff0c\u4fdd\u8bc1Web\u5e94\u7528\u7a0b\u5e8f\u7684\u5b89\u5168\u6027\u5e76\u4fdd\u62a4\u654f\u611f\u7684\u6570\u636e\u5e93\u5185\u5bb9\u3002\n\nFortinet FortiWeb 6.4.2\u4e4b\u524d\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236\u7684\u547d\u4ee4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://fortiguard.com/advisory/FG-IR-21-132",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-19074",
"openTime": "2022-03-14",
"patchDescription": "Fortinet FortiWeb\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u5e94\u7528\u5c42\u9632\u706b\u5899\uff0c\u5b83\u80fd\u591f\u963b\u65ad\u5982\u8de8\u7ad9\u70b9\u811a\u672c\u3001SQL\u6ce8\u5165\u3001Cookie\u4e2d\u6bd2\u3001schema\u4e2d\u6bd2\u7b49\u653b\u51fb\u7684\u5a01\u80c1\uff0c\u4fdd\u8bc1Web\u5e94\u7528\u7a0b\u5e8f\u7684\u5b89\u5168\u6027\u5e76\u4fdd\u62a4\u654f\u611f\u7684\u6570\u636e\u5e93\u5185\u5bb9\u3002\r\n\r\nFortinet FortiWeb 6.4.2\u4e4b\u524d\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236\u7684\u547d\u4ee4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Fortinet FortiWeb\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2022-19074\uff09\u7684\u8865\u4e01",
"products": {
"product": "Fortinet Fortinet FortiWeb \u003c6.4.2"
},
"referenceLink": "https://fortiguard.com/advisory/FG-IR-21-132",
"serverity": "\u4e2d",
"submitTime": "2022-02-08",
"title": "Fortinet FortiWeb\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2022-19074\uff09"
}
CVE-2021-36193 (GCVE-0-2021-36193)
Vulnerability from cvelistv5 – Published: 2022-02-02 11:19 – Updated: 2026-01-13 16:32
VLAI?
EPSS
Summary
Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.
Severity ?
CWE
- CWE-121 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiFone |
Affected:
3.0.0 , ≤ 3.0.11
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:50.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-21-132"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-36193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:12:56.216120Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:35:45.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiFone",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "3.0.11",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.1.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.1.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.1.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.0.0"
},
{
"lessThanOrEqual": "6.2.2",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.6",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.4",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.5",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.3.7",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.8",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.1.7",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.0.4",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiMail",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.2",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.6",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.8",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.12",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.12",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortiddos:5.7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.5.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.5.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiDDoS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "5.7.0"
},
{
"lessThanOrEqual": "5.6.1",
"status": "affected",
"version": "5.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.1",
"status": "affected",
"version": "5.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.3",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.3.2",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.0"
},
{
"status": "affected",
"version": "4.7.0"
},
{
"status": "affected",
"version": "4.6.0"
},
{
"status": "affected",
"version": "4.5.0"
},
{
"lessThanOrEqual": "4.4.2",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortiddos-f:6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.1.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiDDoS-F",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "6.3.0"
},
{
"lessThanOrEqual": "6.2.2",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.4",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiVoice",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.10",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiDDoS-CM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "5.5.1",
"status": "affected",
"version": "5.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.3",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.3.1",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.0"
},
{
"status": "affected",
"version": "4.7.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.3.15:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.3.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.3.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.3.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.3.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.3.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.3.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.3.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.3.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.4.1",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.15",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.7.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.7.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.6.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiRecorder",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.10",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.7.7",
"status": "affected",
"version": "2.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2.6.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "1.5.3",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.4.0"
},
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.2.0"
},
{
"status": "affected",
"version": "1.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows\u00a0in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T16:32:40.255Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/advisory/FG-IR-21-132",
"url": "https://fortiguard.com/advisory/FG-IR-21-132"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiFone version 3.0.12 or above\nPlease upgrade to FortiWeb version 7.0.0 or above\nPlease upgrade to FortiWeb version 6.4.2 or above\nPlease upgrade to FortiWeb version 6.3.17 or above\nPlease upgrade to FortiWeb version 6.3.16 or above\nPlease upgrade to FortiWeb version 6.2.7 or above\nPlease upgrade to FortiRecorder version 7.0.0 or above\nPlease upgrade to FortiRecorder version 6.4.3 or above\nPlease upgrade to FortiRecorder version 6.0.11 or above\nPlease upgrade to FortiVoiceEnterprise version 6.4.5 or above\nPlease upgrade to FortiVoiceEnterprise version 6.0.11 or above\nPlease upgrade to FortiMail version 7.2.0 or above\nPlease upgrade to FortiMail version 7.0.3 or above\nPlease upgrade to FortiMail version 6.4.7 or above\nPlease upgrade to FortiMail version 6.2.9 or above\nPlease upgrade to FortiDDoS-F version 6.3.1 or above\nPlease upgrade to FortiDDoS-F version 6.2.3 or above\nPlease upgrade to FortiDDoS-F version 6.1.5 or above\nPlease upgrade to FortiADC version 7.0.1 or above\nPlease upgrade to FortiADC version 6.2.3 or above\nPlease upgrade to FortiADC version 6.1.7 or above\nPlease upgrade to FortiNDR version 7.0.0 or above\nPlease upgrade to FortiDDoS version 5.7.1 or above\nPlease upgrade to FortiDDoS version 5.6.2 or above\nPlease upgrade to FortiDDoS version 5.5.2 or above\nPlease upgrade to FortiDDoS version 5.4.3 or above\nPlease upgrade to FortiDDoS version 5.3.2 or above\nPlease upgrade to FortiDDoS-CM version 5.7.1 or above\nPlease upgrade to FortiDDoS-CM version 5.6.2 or above\nPlease upgrade to FortiDDoS-CM version 5.5.2 or above\nPlease upgrade to FortiDDoS-CM version 5.4.3 or above\nPlease upgrade to FortiDDoS-CM version 5.3.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2021-36193",
"datePublished": "2022-02-02T11:19:47",
"dateReserved": "2021-07-06T00:00:00",
"dateUpdated": "2026-01-13T16:32:40.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…