PT-2025-1259 · Fortinet · FortiWeb

Published

2025-01-02

·

Updated

2025-01-24

·

CVE-2024-21758

CVSS v3.1

6.7

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FortiWeb versions 7.2.0 through 7.2.7
FortiWeb versions 7.4.0 through 7.4.1
Description

A stack-based buffer overflow in the command-line interface (CLI) of FortiWeb may allow an authenticated administrator with high privileges to execute arbitrary code via specially crafted CLI commands, provided the attacker is able to evade the stack protections (for example, stack canaries) built into FortiWeb. The CVSS vector reflects this: the attack requires local access (AV:L) and high privileges (PR:H), but a successful exploit gives full control over the confidentiality, integrity and availability of the appliance (C:H/I:H/A:H), so the practical impact is that an administrator-level account can be turned into code execution on the underlying system, bypassing the restrictions the CLI is supposed to enforce.
Recommendations

Upgrade to a release outside the affected ranges listed above: for the 7.2 branch, 7.2.8 or later; for the 7.4 branch, 7.4.2 or later. Until the upgrade is applied, reduce exposure by restricting CLI access (SSH and console) to trusted administrators on dedicated management networks, and by limiting the number of accounts that hold administrator profiles able to run CLI commands. Because exploitation requires an already-privileged session, keeping privileged credentials scarce, individually assigned and monitored removes most of the attack surface.
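As an added illustration of the weakness class described above (this is hypothetical code, not FortiWeb's code and not the routine actually affected, which the advisory does not show), the CLI handler below contrasts an unbounded copy into a fixed stack buffer with a hardened form that checks the argument length before copying and rejects over-long input. The command syntax "set hostname <value>", the 32-byte buffer size, and all function names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size of the fixed stack buffer in the handler below. */
#define HOSTNAME_MAX 32

enum cli_status { CLI_OK = 0, CLI_ERR_SYNTAX = 1, CLI_ERR_TOO_LONG = 2 };

/* VULNERABLE pattern (hypothetical, not FortiWeb code): the argument is
 * copied into a 32-byte stack buffer with no length check.  Any argument
 * of 32 bytes or more writes past 'buf' into whatever the compiler placed
 * above it: saved registers, the stack canary if one is present, and the
 * saved return address.  A canary makes the process abort on return; an
 * attacker who can defeat the canary (the "stack protections" in the
 * advisory text) reaches the return address and gains code execution.
 * In this demo it is only ever called with a short argument. */
int set_hostname_vulnerable(const char *arg)
{
    char buf[HOSTNAME_MAX];
    strcpy(buf, arg);                 /* unbounded copy: the bug */
    return (int)strlen(buf);
}

/* HARDENED pattern: measure the argument against the destination size
 * before copying and reject over-long input with an error instead of
 * truncating it silently (truncation would hide the attack attempt). */
int set_hostname_hardened(const char *arg, char *dst, size_t dstsz)
{
    size_t n = 0;
    while (n < dstsz && arg[n] != '\0')
        n++;
    if (n == dstsz)                   /* no room for the terminator */
        return CLI_ERR_TOO_LONG;
    memcpy(dst, arg, n + 1);          /* n + 1 <= dstsz, NUL included */
    return CLI_OK;
}

/* Minimal dispatcher for a line of the form "set hostname <value>", the
 * kind of command an administrator types at the CLI.  The value after the
 * keyword is untrusted input from the handler's point of view, even
 * though it arrives over a privileged session. */
int cli_exec(const char *line, char *hostname, size_t hostsz)
{
    static const char prefix[] = "set hostname ";
    size_t plen = sizeof prefix - 1;
    if (strncmp(line, prefix, plen) != 0)
        return CLI_ERR_SYNTAX;
    return set_hostname_hardened(line + plen, hostname, hostsz);
}

int main(void)
{
    char host[HOSTNAME_MAX];
    char line[160];
    char payload[100];

    /* Constructed inputs: a normal value and a 99-byte oversized one. */
    memset(payload, 'A', sizeof payload - 1);
    payload[sizeof payload - 1] = '\0';

    printf("normal:   %d\n", cli_exec("set hostname waf-edge-01", host, sizeof host));
    snprintf(line, sizeof line, "set hostname %s", payload);
    printf("oversize: %d\n", cli_exec(line, host, sizeof host));   /* 2, host untouched */
    /* set_hostname_vulnerable(payload) would corrupt the stack here. */
    return 0;
}
```

Compiling the vulnerable handler with `-fstack-protector-strong` makes the oversized input abort the process rather than return into attacker-controlled data, which is the protection the advisory says an attacker must evade; the hardened handler needs no such rescue because the overflow never happens.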

Fix

Weakness Enumeration

Stack Overflow

Buffer Overflow

Related Identifiers

BDU:2025-00674
CVE-2024-21758

Affected Products

FortiWeb