PSIRT Advisories

FortiWeb - Double free in pipe management


A double free vulnerability (CWE-415) in FortiWeb CLI may allow an authenticated, local attacker to achieve arbitrary code execution via specifically crafted commands.

Affected Products

FortiWeb version 7.0.0 through 7.0.3


Please upgrade to FortiWeb version 7.2.0 or above
Please upgrade to FortiWeb version 7.0.4 or above


Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team.