Format string vulnerability in the CLI
Summary
A format string vulnerability [CWE-134] in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
Version | Affected | Solution |
---|---|---|
FortiWeb 7.0 | 7.0.0 through 7.0.1 | Upgrade to 7.0.2 or above |
FortiWeb 6.4 | 6.4 all versions | Migrate to a fixed release |