CVE-2021-22129

CVSS 8.8 HIGHEPSS 1.1%

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.8EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

09 Jul 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Fortinet · Fortinet FortiMail

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fortiguard.com/advisory/FG-IR-21-023