
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN016
_____________________________________________________________________

DATE                : 12/01/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running FortiWeb versions prior to 6.3.8 or 6.2.4.

=====================================================================
https://www.fortiguard.com/psirt/FG-IR-20-123
https://www.fortiguard.com/psirt/FG-IR-20-126
https://www.fortiguard.com/psirt/FG-IR-20-125
https://www.fortiguard.com/psirt/FG-IR-20-124
_____________________________________________________________________

IR Number       FG-IR-20-123
Date            Jan 04, 2021
CVSSv3 Score    5.3
Impact          Execute unauthorized code or commands
CVE ID          CVE-2020-29018


FortiWeb is vulnerable to a format string vulnerability


Summary

A format string vulnerability in FortiWeb may allow an authenticated,
remote attacker to read the content of memory and retrieve sensitive
data via the redir parameter.


Impact

Execute unauthorized code or commands


Affected Products

FortiWeb versions 6.3.5 and below.


Solutions

Please upgrade to FortiWeb versions 6.3.6 or above.


Acknowledgement

Fortinet is pleased to thank Andrey Medov from ptsecurity for reporting
this vulnerability under responsible disclosure.

_____________________________________________________________________

IR Number       FG-IR-20-126
Date            Jan 04, 2021
CVSSv3 Score    6.4
Impact          Denial of service
CVE ID          CVE-2020-29019


FortiWeb is vulnerable to a buffer overflow.

Summary

A stack-based buffer overflow vulnerability in FortiWeb may allow a
remote, unauthenticated attacker to crash the httpd daemon thread by
sending a request with a crafted cookie header.


Impact

Denial of service


Affected Products

FortiWeb versions 6.3.7 and below.
FortiWeb versions 6.2.3 and below.


Solutions

Please upgrade to FortiWeb versions 6.3.8 or above.
Please upgrade to FortiWeb versions 6.2.4 or above.


Acknowledgement

Fortinet is pleased to thank Andrey Medov from ptsecurity for reporting
this vulnerability under responsible disclosure.

_____________________________________________________________________

IR Number       FG-IR-20-125
Date            Jan 04, 2021
CVSSv3 Score    6.4
Impact          Execute unauthorized code or commands
CVE ID          CVE-2020-29016


Stack-Based Buffer Overflow vulnerability in FortiWeb

Summary

A stack-based buffer overflow vulnerability in FortiWeb may allow an
unauthenticated, remote attacker to overwrite the content of the stack
and potentially execute arbitrary code by sending a crafted request with
a large certname.


Impact

Execute unauthorized code or commands


Affected Products

FortiWeb versions 6.3.5 and below.
FortiWeb versions 6.2.3 and below.


Solutions

Please upgrade to FortiWeb versions 6.3.6 or above.
Please upgrade to FortiWeb versions 6.2.4 or above.


Acknowledgement

Fortinet is pleased to thank Andrey Medov from ptsecurity for reporting
this vulnerability under responsible disclosure.

_____________________________________________________________________

IR Number       FG-IR-20-124
Date            Jan 04, 2021
CVSSv3 Score    6.4
Impact          Execute unauthorized code or commands
CVE ID          CVE-2020-29015


FortiWeb is vulnerable to a blind SQL injection

Summary

A blind SQL injection in the user interface of FortiWeb may allow an
unauthenticated, remote attacker to execute arbitrary SQL queries or
commands by sending a request with a crafted Authorization header
containing a malicious SQL statement.


Impact

Execute unauthorized code or commands


Affected Products

FortiWeb versions 6.3.7 and below.
FortiWeb versions 6.2.3 and below.


Solutions

Please upgrade to FortiWeb versions 6.3.8 or above.
Please upgrade to FortiWeb versions 6.2.4 or above.


Acknowledgement

Fortinet is pleased to thank Andrey Medov from ptsecurity for reporting
this vulnerability under responsible disclosure.
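As an added check (not part of the CERT-Renater note or of Fortinet's own tooling), the following Python script maps a deployed FortiWeb version to the advisories above that still apply to it, together with the upgrade target taken from each Solutions section. It assumes that a release branch an advisory does not list is outside that advisory's scope.

```python
"""Check a FortiWeb version against the four Fortinet advisories above.

Added example, not part of the CERT-Renater note or Fortinet's tooling.
The first fixed versions are copied from the Solutions sections; treating
a branch that an advisory does not mention as out of scope for that
advisory is an assumption of this script.
"""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# advisory -> {release branch: first fixed version}, as stated above
FIRST_FIXED: Dict[str, Dict[str, str]] = {
    "FG-IR-20-123 (CVE-2020-29018)": {"6.3": "6.3.6"},
    "FG-IR-20-126 (CVE-2020-29019)": {"6.3": "6.3.8", "6.2": "6.2.4"},
    "FG-IR-20-125 (CVE-2020-29016)": {"6.3": "6.3.6", "6.2": "6.2.4"},
    "FG-IR-20-124 (CVE-2020-29015)": {"6.3": "6.3.8", "6.2": "6.2.4"},
}


def parse_version(text: str) -> Version:
    """'6.3.7' -> (6, 3, 7); rejects anything that is not dotted integers."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def open_advisories(version: str) -> List[str]:
    """Return the advisories still open for `version` with their upgrade
    target, e.g. 'FG-IR-20-126 (CVE-2020-29019): upgrade to 6.3.8'.
    Tuple comparison gives correct ordering for multi-digit components."""
    v = parse_version(version)
    branch = ".".join(str(x) for x in v[:2])
    findings = []
    for advisory, fixes in FIRST_FIXED.items():
        fixed = fixes.get(branch)  # None: branch not listed (assumed out of scope)
        if fixed is not None and v < parse_version(fixed):
            findings.append(f"{advisory}: upgrade to {fixed}")
    return findings


if __name__ == "__main__":
    # constructed sample versions spanning both branches and the fix boundaries
    for sample in ("6.3.5", "6.3.7", "6.3.8", "6.2.3", "6.2.4"):
        print(sample, "->", open_advisories(sample) or "no open advisory")
```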


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================
