Headline
CVE-2022-33871: Fortiguard
A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI execute backup-local rename and execute backup-local show operations.
** PSIRT Advisories**
FortiWeb - Buffer overflow in execute backup-local command
Summary
A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI `execute backup-local rename` and `execute backup-local show` operations.
Affected Products
FortiWeb version 7.0.0 through 7.0.1
FortiWeb version 6.3.6 through 6.3.19
FortiWeb 6.4 all versions
Solutions
Please upgrade to FortiWeb version 7.0.2 or above
Please upgrade to FortiWeb version 6.3.20 or above
Acknowledgement
Internally discovered and reported by Giulia Clerici of the Fortinet Product Security team.