PT-2023-3051 · Fortinet · FortiWeb

Published: 2023-02-16 · Updated: 2023-02-27 · CVE-2023-25602

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

- FortiWeb versions 6.4 and earlier
- FortiWeb versions 6.3.17 and earlier
- FortiWeb versions 6.2.6 and earlier
- FortiWeb versions 6.1.2 and earlier
- FortiWeb versions 6.0.7 and earlier
- FortiWeb versions 5.9.1 and earlier
- FortiWeb 5.8, all versions
- FortiWeb 5.7, all versions
- FortiWeb 5.6, all versions
Description

A stack-based buffer overflow (a memory-corruption flaw) in FortiWeb allows an attacker to execute unauthorized code or commands by supplying specially crafted command arguments. According to the CVSS vector above, exploitation requires local access with low privileges and no user interaction, and a successful attack fully compromises confidentiality, integrity and availability.
Recommendations

For every affected release line listed above (6.4 and earlier, 6.3.17 and earlier, 6.2.6 and earlier, 6.1.2 and earlier, 6.0.7 and earlier, 5.9.1 and earlier, and all versions of 5.8, 5.7 and 5.6), update to a version that contains a fix for this issue. As a temporary workaround until a patch is applied, consider restricting the use of the command arguments that can be specially crafted to trigger the overflow.

Fix

Weakness Enumeration

- Stack Overflow
- Memory Corruption

Related Identifiers

BDU:2023-03118
CVE-2023-25602

Affected Products

FortiWeb