CVE-2022-33871
MEDIUM
FortiWeb <=7.0.1/6.4/6.3.19 Authenticated Stack Overflow via CLI Backup
Title source: llm
Description
A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI `execute backup-local rename` and `execute backup-local show` operations.
References (1)
Core References
Patch, Vendor Advisory
https://fortiguard.com/psirt/FG-IR-22-164
Scores
CVSS v3: 6.6
EPSS: 0.0115
EPSS Percentile: 78.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-121, CWE-787
Status: published
Products (6)
fortinet/fortiweb: 6.4.0
fortinet/fortiweb: 6.4.1
fortinet/fortiweb: 6.4.2
fortinet/fortiweb: 7.0.0
fortinet/fortiweb: 7.0.1
fortinet/fortiweb: 6.3.6 - 6.3.20
Published: Feb 16, 2023
Tracked Since: Feb 18, 2026