Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-42756: Fortiguard

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.

CVE
#vulnerability#web#buffer_overflow#auth

** PSIRT Advisories**

FortiWeb - Stack-based buffer overflows in Proxyd

Summary

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in FortiWeb’s proxy daemon may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.

Affected Products

FortiWeb versions 5.x all versions,
FortiWeb versions 6.0.7 and below,
FortiWeb versions 6.1.2 and below,
FortiWeb versions 6.2.6 and below,
FortiWeb versions 6.3.16 and below,
FortiWeb versions 6.4 all versions.

Solutions

Upgrade to FortiWeb 7.0.0 or above,
Upgrade to FortiWeb 6.3.17 or above,
Upgrade to FortiWeb 6.2.7 or above.
Upgrade to FortiWeb 6.1.3 or above.
Upgrade to FortiWeb 6.0.8 or above.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.

Related news

New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access

Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 for severity and was internally discovered and reported by its security teams. "A buffer underwrite ('buffer underflow') vulnerability in

Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiOS, and FortiProxy

Fortinet has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAS, and FortiProxy, among others. Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity. Top of the list is a severe bug residing in the FortiNAC network access control solution (CVE-2022-39952, CVSS score: 9.8)

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907