Buffer overflow in administrative interface


A stack-based buffer overflow [CWE-121] vulnerability in the FortiOS administrative interface may allow a privileged attacker to execute arbitrary code or commands via crafted HTTP or HTTPS requests.

Version        Affected               Solution
FortiOS 7.4    7.4.0 through 7.4.1    Upgrade to 7.4.2 or above
FortiOS 7.2    7.2.1 through 7.2.7    Upgrade to 7.2.8 or above
Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool


Internally discovered and reported by Théo Leleu of the Fortinet Product Security team.


2024-05-14: Initial publication