PSIRT Advisories

FortiWeb - format string vulnerability in the CLI


A format string vulnerability [CWE-134] in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.

Affected Products

FortiWeb version 7.0.0 through 7.0.1
FortiWeb 6.4 all versions


Please upgrade to FortiWeb version 7.0.2 or above.


Internally discovered and reported by Gwendal Guégniaud of the Fortinet Product Security team.
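
The following is an added example, not part of Fortinet's advisory: a Python triage of an appliance inventory against the affected versions and fixed release stated above. The hostnames, version strings and status labels are constructed for illustration.

```python
import re

# First release the advisory names as the upgrade target ("7.0.2 or above").
FIXED_IN = (7, 0, 2)


def parse_version(text):
    """Return (major, minor, patch) found in text, or None if absent."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None


def triage(version_text):
    """Classify one FortiWeb version string against the advisory."""
    v = parse_version(version_text)
    if v is None:
        return "unparsed"        # review manually, never assume safe
    if v[:2] == (6, 4):
        return "affected"        # FortiWeb 6.4, all versions
    if (7, 0, 0) <= v < FIXED_IN:
        return "affected"        # FortiWeb 7.0.0 through 7.0.1
    if v >= FIXED_IN:
        return "fixed"           # meets "7.0.2 or above"
    return "not_listed"          # branch the advisory does not mention


# Constructed inventory: hypothetical hostnames and reported versions.
INVENTORY = {
    "waf-edge-01": "7.0.1",
    "waf-edge-02": "7.0.2",
    "waf-dmz-01": "6.4.3",
    "waf-lab-01": "6.3.9",
    "waf-lab-02": "version unavailable",
}


def report(inventory):
    """Map each host to its triage status, in hostname order."""
    return {host: triage(ver) for host, ver in sorted(inventory.items())}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {INVENTORY[host]:20} {status}")
```

Hosts reported as `unparsed` or `not_listed` still need a manual check, since the advisory makes no statement about them.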