Multiple stack-based buffer overflow vulnerabilities in CLI command
Summary
Multiple stack-based buffer overflow vulnerabilities in the FortiWeb CLI interface may allow an authenticated attacker to execute unauthorized code or commands via config backup arguments.
Affected Products
FortiWeb version 6.3.14 or below
FortiWeb version 6.2.4 or below
Solutions
Upgrade to FortiWeb 6.4.0 or above
Upgrade to FortiWeb 6.3.15 or above
Upgrade to FortiWeb 6.2.5 or above
Acknowledgement
Internally discovered and reported by Fortinet PSIRT.
Timeline
2021-09-07: Initial publication