CVE-2021-44170
MEDIUM
FortiProxy < 1.0.7 and FortiOS < 6.0.14 - Authenticated Stack-Based Buffer Overflow via Command Line Arguments
Title source: llm
Description
A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://fortiguard.com/psirt/FG-IR-21-179
Scores
CVSS v3
6.7
EPSS
0.0013
EPSS Percentile
31.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-787
Status
published
Products (2)
fortinet/fortios
6.0.0 - 6.0.14
fortinet/fortiproxy
1.0.0 - 1.0.7
Published
Jul 18, 2022
Tracked Since
Feb 18, 2026