FortiOS - debug commands allow memory manipulation

Summary

A debug functionality in FortiGate may allow a privileged user to execute unauthorized code or commands via specific
chains of the `print str` and `cmd mem` CLI commands, which respectively read and write hexadecimal values at any memory address.

Affected Products

Any FortiGate version 7.0.0 or below is impacted.
Any FortiGate version 6.4.6 or below is impacted.
Any FortiGate version 6.2.9 or below is impacted.

Solutions

Upgrade FortiGate firmware to any version greater than or equal to 7.0.1
Upgrade FortiGate firmware to any version greater than or equal to 6.4.7

Acknowledgement

Fortinet is pleased to thank the Orange CERT-CC team for reporting this vulnerability under responsible disclosure.