FortiWeb - format string vulnerability in the CLI


A format string vulnerability [CWE-134] in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.

Version        Affected               Solution
FortiWeb 7.0   7.0.0 through 7.0.1    Upgrade to 7.0.2 or above
FortiWeb 6.4   6.4 all versions       Migrate to a fixed release


Internally discovered and reported by Gwendal Guégniaud of the Fortinet Product Security team.