Multiple stack-based buffer overflow vulnerabilities in CLI command

Summary

Multiple stack-based buffer overflow vulnerabilities in the FortiWeb CLI interface may allow an authenticated attacker to execute unauthorized code or commands via config backup arguments.

Affected Products

FortiWeb version 6.3.14 or below
FortiWeb version 6.2.4 or below

Solutions

Upgrade to FortiWeb 6.4.0 or above
Upgrade to FortiWeb 6.3.15 or above
Upgrade to FortiWeb 6.2.5 or above

Acknowledgement

Internally discovered and reported by Fortinet PSIRT.

Timeline

2021-09-07: Initial publication