FortiWeb - Buffer overflow in execute backup-local command


A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI `execute backup-local rename` and `execute backup-local show` operations.

Affected Products

FortiWeb version 7.0.0 through 7.0.1
FortiWeb version 6.3.6 through 6.3.19
FortiWeb 6.4 all versions


Please upgrade to FortiWeb version 7.0.2 or above
Please upgrade to FortiWeb version 6.3.20 or above


Internally discovered and reported by Giulia Clerici of the Fortinet Product Security team.