Arbitrary Code Execution Vulnerabilities in FortiWeb API Controllers

Arbitrary Code Execution Vulnerabilities in FortiWeb API Controllers

CVE-2021-36194 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests.

Learn more about our Web App Pen Testing.