FortiWAN - Stack-based buffer overflow in bmstatd

Summary

Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter of FortiWAN may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests.

Affected Products

FortiWAN version 4.5.8 and below.

Solutions

Upgrade to upcoming FortiWAN version 4.5.9.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.