Vulnerability Details CVE-2021-26112
Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.029
EPSS Ranking 85.7%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 7.5
Products affected by CVE-2021-26112
-
cpe:2.3:a:fortinet:fortiwan:-
-
cpe:2.3:a:fortinet:fortiwan:4.1.1
-
cpe:2.3:a:fortinet:fortiwan:4.1.2
-
cpe:2.3:a:fortinet:fortiwan:4.1.3
-
cpe:2.3:a:fortinet:fortiwan:4.2.1
-
cpe:2.3:a:fortinet:fortiwan:4.2.2
-
cpe:2.3:a:fortinet:fortiwan:4.2.4
-
cpe:2.3:a:fortinet:fortiwan:4.2.5
-
cpe:2.3:a:fortinet:fortiwan:4.2.6
-
cpe:2.3:a:fortinet:fortiwan:4.2.7
-
cpe:2.3:a:fortinet:fortiwan:4.3.0
-
cpe:2.3:a:fortinet:fortiwan:4.3.1
-
cpe:2.3:a:fortinet:fortiwan:4.4.0
-
cpe:2.3:a:fortinet:fortiwan:4.4.1
-
cpe:2.3:a:fortinet:fortiwan:4.5.0
-
cpe:2.3:a:fortinet:fortiwan:4.5.1
-
cpe:2.3:a:fortinet:fortiwan:4.5.2
-
cpe:2.3:a:fortinet:fortiwan:4.5.3
-
cpe:2.3:a:fortinet:fortiwan:4.5.4
-
cpe:2.3:a:fortinet:fortiwan:4.5.5
-
cpe:2.3:a:fortinet:fortiwan:4.5.6
-
cpe:2.3:a:fortinet:fortiwan:4.5.7
-
cpe:2.3:a:fortinet:fortiwan:4.5.8