The vulnerability of FortiWeb web applications’ network firewalls, related to writing data beyond the buffer in memory, allows attackers to execute arbitrary code.

🗓️ 30 Mar 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

FortiWeb network firewalls are vulnerable to buffer overflow, enabling arbitrary code execution.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2020-29016	14 Jan 202118:49	–	circl
CNNVD	Fortinet FortiWeb 缓冲区错误漏洞	6 Jan 202100:00	–	cnnvd
CNVD	FortiWeb Stack Buffer Overflow Vulnerability	15 Jan 202100:00	–	cnvd
CVE	CVE-2020-29016	14 Jan 202116:04	–	cve
Cvelist	CVE-2020-29016	14 Jan 202116:04	–	cvelist
EUVD	EUVD-2020-21398	7 Oct 202500:30	–	euvd
Fortinet	FortiWeb - Stack-Based Buffer Overflow vulnerability	4 Jan 202100:00	–	fortinet
Tenable Nessus	Fortinet FortiWeb ] Stack-Based Buffer Overflow vulnerability using a crafted request (FG-IR-20-125)	26 Oct 202400:00	–	nessus
NVD	CVE-2020-29016	14 Jan 202116:15	–	nvd
Prion	Stack overflow	14 Jan 202116:15	–	prion

Vulners

Node

fortinet fortiwebRange≤6.2.3

OR

fortinet fortiwebRange6.3.0–6.3.5

Source	Link
securitylab	www.securitylab.ru/news/515284.php
fortiguard	www.fortiguard.com/psirt/FG-IR-20-125
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-29016
web	www.web.nvd.nist.gov/view/vuln/detail
fortiguard	www.fortiguard.com/psirt/FG-IR-20-125

30 Mar 2021 00:00Current

8.4High risk

Vulners AI Score8.4

CVSS 27.5

CVSS 39.8

EPSS0.03301

FortiWeb buffer overflow arbitrary code crafted request