What is CVE-2021-36193?

CVE-2021-36193 is a medium-severity vulnerability in Fortinet Fortiadc, classified under Stack-based Buffer Overflow. CVSS score: 6.3/10. Published 2022-02-02.

How severe is CVE-2021-36193?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Buffer overflow in Fortinet Fortiadc

CVE-2021-36193

Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.

Vulnerability class: Buffer Overflow

EPSS: 0.005 (66.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C.

Affected products

Fortinet Fortiadc — versions 7.0.0, 6.2.0, 6.1.0
Fortinet Fortiddos — versions 5.7.0, 5.6.0, 5.5.0
Fortinet Fortiddos-cm — versions 5.5.0, 5.4.0, 5.3.0
Fortinet Fortiddos-f — versions 6.3.0, 6.2.0, 6.1.0
Fortinet Fortifone — versions 3.0.0
Fortinet Fortimail — versions 7.0.0, 6.4.0, 6.2.0
Fortinet Fortindr — versions 1.5.0, 1.4.0, 1.3.0
Fortinet Fortirecorder — versions 6.4.0, 6.0.0, 2.7.0
Fortinet Fortivoice — versions 6.4.0, 6.0.0
Fortinet Fortiweb — versions 6.4.0, 6.3.0

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

References

https://fortiguard.com/advisory/FG-IR-21-132

Frequently asked questions

What is CVE-2021-36193?: CVE-2021-36193 is a medium-severity vulnerability in Fortinet Fortiadc, classified under Stack-based Buffer Overflow. CVSS score: 6.3/10. Published 2022-02-02.
How severe is CVE-2021-36193?: Medium severity. CVSS v3 base score is 6.3 out of 10.