CVE-2024-21758

A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack protections.

CVSS v3 6.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-23-458

Configurations

No configuration.

History

18 Feb 2025, 22:15

Type	Values Removed	Values Added
CWE	~~CWE-120~~
Summary		(es) Un desbordamiento de búfer basado en pila en las versiones 7.2.0 a 7.2.7 y 7.4.0 a 7.4.1 de Fortinet FortiWeb puede permitir que un usuario privilegiado ejecute código arbitrario a través de comandos CLI especialmente manipulados, siempre que el usuario pueda evadir las protecciones de pila de FortiWeb.

14 Jan 2025, 15:15

Type	Values Removed	Values Added
CWE		CWE-120

14 Jan 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-14 14:15

Updated : 2025-02-18 22:15

NVD link : CVE-2024-21758

Mitre link : CVE-2024-21758

CVE.ORG link : CVE-2024-21758

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

6.4 /10