A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
Weakness
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Fortiweb | Fortinet | 6.3.6 (including) | 6.3.23 (including) |
| Fortiweb | Fortinet | 6.4.0 (including) | 6.4.3 (including) |
| Fortiweb | Fortinet | 7.0.0 (including) | 7.0.6 (including) |
| Fortiweb | Fortinet | 7.2.0 (including) | 7.2.1 (including) |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/1.html
- https://cwe.mitre.org/data/definitions/107.html
- https://cwe.mitre.org/data/definitions/127.html
- https://cwe.mitre.org/data/definitions/17.html
- https://cwe.mitre.org/data/definitions/20.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/237.html
- https://cwe.mitre.org/data/definitions/36.html
- https://cwe.mitre.org/data/definitions/477.html
- https://cwe.mitre.org/data/definitions/480.html
- https://cwe.mitre.org/data/definitions/51.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/59.html
- https://cwe.mitre.org/data/definitions/65.html
- https://cwe.mitre.org/data/definitions/668.html
- https://cwe.mitre.org/data/definitions/74.html
- https://cwe.mitre.org/data/definitions/87.html