PSIRT Advisories
FortiWeb - format string vulnerability in the CLI
Summary
A format string vulnerability [CWE-134] in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
Major Version | Affected Products | Solutions |
---|---|---|
7.0 | FortiWeb version 7.0.0 through 7.0.1 | Please upgrade to FortiWeb version 7.0.2 or above |
6.4 | FortiWeb 6.4 all versions | Please upgrade to upper major version (check above line) |