CVE-2023-25602: Fortiguard
A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 all versions, FortiWeb 5.6 all versions allows an attacker to execute unauthorized code or commands via specially crafted command arguments.
PSIRT Advisories
FortiWeb - Stack-based Buffer Overflow in command line interpreter
Summary
A stack-based buffer overflow [CWE-121] in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
Affected Products
FortiWeb 6.4 all versions.
FortiWeb versions 6.3.17 and earlier.
FortiWeb versions 6.2.6 and earlier.
FortiWeb versions 6.1.2 and earlier.
FortiWeb versions 6.0.7 and earlier.
FortiWeb versions 5.9.1 and earlier.
FortiWeb 5.8 all versions.
FortiWeb 5.7 all versions.
FortiWeb 5.6 all versions.
Solutions
Please upgrade to FortiWeb version 7.0.0 or above
Please upgrade to FortiWeb version 6.3.18 or above
Please upgrade to FortiWeb version 6.2.7 or above
Please upgrade to FortiWeb version 6.1.3 or above
Please upgrade to FortiWeb version 6.0.8 or above
Please upgrade to FortiWeb version 5.9.2 or above
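As an added example that is not part of the advisory, the following Python check maps FortiWeb version strings from a device inventory onto the affected ranges and fixed releases listed above, including the branches with no fixed release (5.6, 5.7, 5.8) and the 6.4 branch whose fix is 7.0.0. The dotted major.minor.patch version format and the sample inventory are assumptions.

```python
# Added example (not Fortinet's code): assess FortiWeb versions against the
# CVE-2023-25602 advisory ranges. Version strings are assumed to be
# "major.minor.patch"; the inventory below is constructed sample data.
from typing import Dict, Optional, Tuple

# branch -> (last affected patch level, or None for "all versions",
#            fixed release from the Solutions section, or None if none listed)
AFFECTED_BRANCHES: Dict[Tuple[int, int], Tuple[Optional[int], Optional[str]]] = {
    (6, 4): (None, "7.0.0"),   # 6.4 all versions; upgrade to 7.0.0 or above
    (6, 3): (17, "6.3.18"),
    (6, 2): (6, "6.2.7"),
    (6, 1): (2, "6.1.3"),
    (6, 0): (7, "6.0.8"),
    (5, 9): (1, "5.9.2"),
    (5, 8): (None, None),      # all versions affected, no fixed release listed
    (5, 7): (None, None),
    (5, 6): (None, None),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch'; reject anything else rather than guess."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected FortiWeb version format: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def assess(version: str) -> Tuple[bool, Optional[str]]:
    """Return (is_affected, recommended_upgrade) for one version string."""
    major, minor, patch = parse_version(version)
    entry = AFFECTED_BRANCHES.get((major, minor))
    if entry is None:
        return False, None          # branch not named in the advisory
    last_affected, fixed = entry
    if last_affected is None or patch <= last_affected:
        return True, fixed          # fixed may be None: no patched release listed
    return False, None              # patch level at or above the fixed release


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    inventory = {"waf-01": "6.3.12", "waf-02": "6.4.2", "waf-03": "5.8.7", "waf-04": "7.0.3"}
    for host, ver in inventory.items():
        affected, upgrade = assess(ver)
        action = f"upgrade to {upgrade}" if upgrade else "no fixed release listed"
        print(f"{host} {ver}: {'AFFECTED, ' + action if affected else 'not affected'}")
```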
Acknowledgement
Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security Team.