CVE-2024-21758

Feb. 18, 2025, 10:15 p.m.

6.4
Medium

Description

A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack protections.

Product(s) Impacted

Product Versions
Fortinet FortiWeb
  • ['7.2.0 - 7.2.7', '7.4.0 - 7.4.1']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References

https://fortiguard.fortinet.com/psirt/FG-IR-23-458

Tags

CWE-120
CWE-121
psirt@fortinet.com
2025-01-14
CVE-2024-21758

CVSS Score

6.4 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: HIGH
  • Privileges Required: HIGH
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Jan. 14, 2025, 2:15 p.m.
Last Modified: Feb. 18, 2025, 10:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@fortinet.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.