CVE-2022-33871
16.02.2023, 19:15
A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI `execute backup-local rename` and `execute backup-local show` operations.Enginsight
| Vendor | Product | Version |
|---|---|---|
| fortinet | fortiweb | 6.3.6 ≤ 𝑥 < 6.3.20 |
| fortinet | fortiweb | 6.4.0 |
| fortinet | fortiweb | 6.4.1 |
| fortinet | fortiweb | 6.4.2 |
| fortinet | fortiweb | 7.0.0 |
| fortinet | fortiweb | 7.0.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.