FortiWeb Multiple High-Risk Vulnerabilities Alert

On January 04, 2021, FortiWeb published a risk notice covering multiple high-risk vulnerabilities. The CVE identifiers are CVE-2020-29015, CVE-2020-29016, CVE-2020-29019, and CVE-2020-29018.

Vulnerability Detail

CVE-2020-29015

A blind SQL injection in the user interface of FortiWeb may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.

CVE-2020-29016

A stack-based buffer overflow vulnerability in FortiWeb may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.

CVE-2020-29018

A format string vulnerability in FortiWeb may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.

CVE-2020-29019

A stack-based buffer overflow vulnerability in FortiWeb may allow a remote, authenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header.
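
The four descriptions above each name a request-level indicator (SQL in the Authorization header, an oversized certname, format specifiers in redir, a crafted Cookie header), which is what a log reviewer can look for while a device is still unpatched. The following Python is an added example and not part of the original notice or of FortiWeb: it scans parsed HTTP request records for those indicators; the thresholds, regexes, the constructed sample records, the inspection of the query string only, and the treatment of an oversized Cookie header as the CVE-2020-29019 indicator are all assumptions of this example.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit, unquote
# Heuristic thresholds and patterns are assumptions for this example, not values from the advisory.
MAX_CERTNAME_LEN = 256      # a "large certname" (CVE-2020-29016) is anything longer than this
MAX_COOKIE_LEN = 4096       # an oversized Cookie header is treated as the CVE-2020-29019 indicator
SQL_PATTERN = re.compile(r"""['"]\s*(?:or|and|union|select|sleep|benchmark)\b|--|/\*|;""", re.I)
FMT_PATTERN = re.compile(r"(?:%[0-9]*[nxp]){2,}")  # runs of C format specifiers (CVE-2020-29018)

def check_request(req):
    """Return the CVE ids whose advisory-described indicator appears in one request.
    `req` holds the request line under 'line' plus optional 'Authorization'/'Cookie' headers;
    only the query string is inspected, so a certname in a POST body would need body parsing."""
    findings = []
    auth = req.get("Authorization", "")
    creds = auth
    if auth.lower().startswith("basic "):
        try:  # inspect the decoded Basic credentials; fall back to the raw value if not valid base64
            creds = base64.b64decode(auth[6:], validate=True).decode("utf-8", "replace")
        except ValueError:
            pass
    if SQL_PATTERN.search(creds):
        findings.append("CVE-2020-29015")
    target = req["line"].split(" ")[1] if " " in req["line"] else req["line"]
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)  # values URL-decoded once here
    if any(len(v) > MAX_CERTNAME_LEN for v in params.get("certname", [])):
        findings.append("CVE-2020-29016")
    if any(FMT_PATTERN.search(unquote(v)) for v in params.get("redir", [])):  # unquote again: double encoding
        findings.append("CVE-2020-29018")
    if len(req.get("Cookie", "")) > MAX_COOKIE_LEN:
        findings.append("CVE-2020-29019")
    return findings

def scan(requests):
    """Return (index, findings) for every request that trips at least one indicator."""
    return [(i, f) for i, r in enumerate(requests) if (f := check_request(r))]

# Constructed sample records (not real FortiWeb traffic): one benign login, then one per CVE.
SAMPLE_REQUESTS = [
    {"line": "GET /login HTTP/1.1", "Authorization": "Basic YWRtaW46c2VjcmV0", "Cookie": "APSCOOKIE=session"},
    {"line": "GET /login HTTP/1.1", "Authorization": "Basic " + base64.b64encode(b"x' OR 1=1--:x").decode()},
    {"line": "GET /cert?certname=" + "A" * 600 + " HTTP/1.1"},
    {"line": "GET /page?redir=%25n%25n HTTP/1.1"},
    {"line": "GET / HTTP/1.1", "Cookie": "APSCOOKIE=" + "B" * 5000},
]

if __name__ == "__main__":
    for index, cves in scan(SAMPLE_REQUESTS):
        print(f"request {index}: {', '.join(cves)}")
```

A hit from this script is a trigger for review against the device's own logs, not proof of exploitation; a false positive on legitimate quotes or percent signs is expected with heuristics this simple.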

Affected versions

  • FortiWeb: <=6.2.3
  • FortiWeb: <=6.3.7

Solution

We recommend that users upgrade FortiWeb to the latest version as soon as possible.