A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files.
Metrics
CVSS Version: 3.1 |
Base Score: 6.1 MEDIUM Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C
l➤ Exploitability Metrics: Attack Vector (AV)* ADJACENT_NETWORK Attack Complexity (AC)* HIGH Privileges Required (PR)* HIGH User Interaction (UI)* NONE Scope (S)* UNCHANGED
l➤ Impact Metrics: Confidentiality Impact (C)* HIGH Integrity Impact (I)* HIGH Availability Impact (A)* HIGH
Weakness Enumeration (CWE)
CWE-ID: CWE-121 CWE Name: Denial of service Source: Fortinet
Common Attack Pattern Enumeration and Classification (CAPEC)