{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2021-061.pdf"
    },
    "title": "Critical Vulnerabilities in FortiWeb",
    "serial_number": "2021-061",
    "publish_date": "05-11-2021 10:33:00",
    "description": "On November 2, 2021, a critical vulnerability was announced by Fortinet PSIRT. The vulnerability is tracked as CVE-2021-36186. Very few additional details are available about this vulnerability at this time.",
    "url_title": "2021-061",
    "content_markdown": "---\ntitle: 'Critical Vulnerabilities in FortiWeb'\nversion: '1.0'\nnumber: '2021-061'\ndate: 'November 5, 2021'\n---\n\n_History:_\n\n* _05/11/2021 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn November 2, 2021, a critical vulnerability was announced by Fortinet PSIRT. The vulnerability is tracked as CVE-2021-36186 [1, 2]. Very few additional details are available about this vulnerability at this time.\n\n# Technical Details\n\nA stack-based buffer overflow vulnerability in FortiWeb may allow an unauthenticated attacker to overwrite the content of the stack and potentially execute arbitrary code by sending crafted HTTP requests with large request parameter values.\n\n# Affected Products\n\nThis vulnerability affects the following versions:\n\n- FortiWeb version 6.4.0\n- FortiWeb versions 6.3.15 and below\n- FortiWeb versions 6.2.5 and below\n\n# Recommendations\n\nUpgrade to patched versions:\n\n- Upgrade to FortiWeb versions 6.4.1 or above.\n- Upgrade to FortiWeb versions 6.3.16 or above.\n- Upgrade to FortiWeb versions 6.2.6 or above.\n\nCERT-EU recommends updating the vulnerable application as soon as possible.\n\n## Workarounds and Mitigations\n\nThere are no known mitigations for this vulnerability.\n\n# References\n\n[1] <https://www.fortiguard.com/psirt/FG-IR-21-119>\n\n[2] <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36186>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>05/11/2021 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On November 2, 2021, a critical vulnerability was announced by Fortinet PSIRT. The vulnerability is tracked as CVE-2021-36186 [1, 2]. Very few additional details are available about this vulnerability at this time.</p><h2 id=\"technical-details\">Technical Details</h2><p>A stack-based buffer overflow vulnerability in FortiWeb may allow an unauthenticated attacker to overwrite the content of the stack and potentially execute arbitrary code by sending crafted HTTP requests with large request parameter values.</p><h2 id=\"affected-products\">Affected Products</h2><p>This vulnerability affects the following versions:</p><ul><li>FortiWeb version 6.4.0</li><li>FortiWeb versions 6.3.15 and below</li><li>FortiWeb versions 6.2.5 and below</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>Upgrade to patched versions:</p><ul><li>Upgrade to FortiWeb versions 6.4.1 or above.</li><li>Upgrade to FortiWeb versions 6.3.16 or above.</li><li>Upgrade to FortiWeb versions 6.2.6 or above.</li></ul><p>CERT-EU recommends updating the vulnerable application as soon as possible.</p><h3 id=\"workarounds-and-mitigations\">Workarounds and Mitigations</h3><p>There are no known mitigations for this vulnerability.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.fortiguard.com/psirt/FG-IR-21-119\">https://www.fortiguard.com/psirt/FG-IR-21-119</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36186\">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36186</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}