Buffer overflow in execute backup-local command
Summary
A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI execute backup-local rename
and execute backup-local show
operations.
Affected Products
FortiWeb version 7.0.0 through 7.0.1
FortiWeb version 6.3.6 through 6.3.19
FortiWeb 6.4 all versions
Solutions
Please upgrade to FortiWeb version 7.0.2 or above
Please upgrade to FortiWeb version 6.3.20 or above