- Description
- A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows attacker to escalation of privilege via specifically crafted HTTP requests.
- Source
- psirt@fortinet.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1EC1014F-44DE-4FC7-B0A7-82BEA9A443F2",
"versionEndExcluding": "6.3.20",
"versionStartIncluding": "6.3.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6B93ABE-8620-4253-83C0-3D2228D20118",
"versionEndIncluding": "6.4.2",
"versionStartIncluding": "6.4.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9054E8B0-2CF0-4DD3-8D5A-34C399F7C20D",
"versionEndExcluding": "7.0.2",
"versionStartIncluding": "7.0.0"
}
],
"operator": "OR"
}
]
}
]