CVE-2021-22129

CVE Database · CVE-2021-22129

CVE-2021-22129

· HIGHModified

CVSS v3.1

8.8

EPSS

1.09%

Published

Jul 9, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-120

Affected Products (4)

fortinet · fortimailvulnerable

fortinet · fortimail (up to 6.0.11)vulnerable

fortinet · fortimail (up to 6.2.7)vulnerable

fortinet · fortimail (up to 6.4.5)vulnerable

References (2)

https://fortiguard.com/advisory/FG-IR-21-023

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-21-023

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs