FortiWeb - Double free in pipe management


A double free vulnerability (CWE-415) in the FortiWeb CLI may allow an authenticated, local attacker to achieve arbitrary code execution via specifically crafted commands.

Version         Affected                Solution
FortiWeb 7.2    Not affected            Upgrade to 7.2.0 or above
FortiWeb 7.0    7.0.0 through 7.0.3     Upgrade to 7.0.4 or above


Internally discovered and reported by Gwendal Guégniaud of the Fortinet Product Security team.