FortiWeb - Multiple stack-based buffer overflow vulnerabilities in CLI command

FortiWeb - Multiple stack-based buffer overflow vulnerabilities in CLI command

Summary

Multiple stack-based buffer overflow vulnerabilities in FortiWeb CLI interface may allow an authenticated attacker to execute unauthorized code or commands via `config backup` arguments.

Affected Products

FortiWeb version 6.3.14 or below
FortiWeb version 6.2.4 or below 

Solutions

Upgrade to FortiWeb 6.4.0 or above

Upgrade to FortiWeb 6.3.15 or above

Upgrade to FortiWeb 6.2.5 or above
 

Acknowledgement

Internally discovered and reported by Mattia Fecit of Fortinet PSIRT team.