Vulnerabilities > CVE-2020-29016 - Out-of-bounds Write vulnerability in Fortinet Fortiweb

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

fortinet

CWE-787

NVD

Published: 2021-01-14

Updated: 2021-01-20

Summary

A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.

Vulnerable Configurations

Part	Description	Count
Application	Fortinet Fortinet Fortiweb 4.4.4 Fortinet Fortiweb 5.0.0 Fortinet Fortiweb 5.0.1 Fortinet Fortiweb 5.0.2 Fortinet Fortiweb 5.0.3 Fortinet Fortiweb 5.0.4 Fortinet Fortiweb 5.1.0 Fortinet Fortiweb 5.1.1 Fortinet Fortiweb 5.1.2 Fortinet Fortiweb 5.1.3 Fortinet Fortiweb 5.1.4 Fortinet Fortiweb 5.2.0 Fortinet Fortiweb 5.2.1 Fortinet Fortiweb 5.2.2 Fortinet Fortiweb 5.2.3 Fortinet Fortiweb 5.2.4 Fortinet Fortiweb 5.3.0 Fortinet Fortiweb 5.3.1 Fortinet Fortiweb 5.3.2 Fortinet Fortiweb 5.3.3 Fortinet Fortiweb 5.3.4 Fortinet Fortiweb 5.3.5 Fortinet Fortiweb 5.3.6 Fortinet Fortiweb 5.3.7 Fortinet Fortiweb 5.3.8 Fortinet Fortiweb 5.3.9 Fortinet Fortiweb 5.4.0 Fortinet Fortiweb 5.4.1 Fortinet Fortiweb 5.5.0 Fortinet Fortiweb 5.5.1 Fortinet Fortiweb 5.5.2 Fortinet Fortiweb 5.5.3 Fortinet Fortiweb 5.5.4 Fortinet Fortiweb 5.5.5 Fortinet Fortiweb 5.5.6 Fortinet Fortiweb 5.6.0 Fortinet Fortiweb 5.6.1 Fortinet Fortiweb 5.7.0 Fortinet Fortiweb 5.7.1 Fortinet Fortiweb 5.7.2 Fortinet Fortiweb 5.8.0 Fortinet Fortiweb 5.8.1 Fortinet Fortiweb 5.8.2 Fortinet Fortiweb 5.8.3 Fortinet Fortiweb 5.8.4 Fortinet Fortiweb 5.8.5 Fortinet Fortiweb 5.8.6 Fortinet Fortiweb 5.9.0 Fortinet Fortiweb 5.9.1 Fortinet Fortiweb 6.0.0 Fortinet Fortiweb 6.0.1 Fortinet Fortiweb 6.0.2 Fortinet Fortiweb 6.0.3 Fortinet Fortiweb 6.0.4 Fortinet Fortiweb 6.0.5 Fortinet Fortiweb 6.1.0 Fortinet Fortiweb 6.1.1 Fortinet Fortiweb 6.2.0 Fortinet Fortiweb 6.2.1 Fortinet Fortiweb 6.2.2 Fortinet Fortiweb 6.3.0 Fortinet Fortiweb 6.3.5	62

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.fortiguard.com/psirt/FG-IR-20-125