FortiWAN - Stack-based buffer overflow in bmstatd


Multiple stack-based buffer overflow vulnerabilities [CWE-121] in both the network daemons and the command line interpreter of FortiWAN may allow an unauthenticated attacker to corrupt control data in memory and execute arbitrary code via specially crafted requests.

Affected Products

FortiWAN version 4.5.8 and below.


Upgrade to the upcoming FortiWAN version 4.5.9.


Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet Product Security team.