Wednesday, 09 July 2025

Fortinet has fixed critical vulnerabilities in FortiWeb, FortiGate and FortiDeceptor

Fortinet published 6 security advisories for its FortiWeb, FortiGate and FortiDeceptor products yesterday. According to the information on the manufacturer's website, the resolved vulnerabilities could allow an attacker to gain access to sensitive data, cause a denial of service, or fully compromise an affected device.

Particular attention should be given to the vulnerabilities in FortiWeb. CVE-2020-29016 allows an unauthenticated remote attacker to overwrite the contents of the stack, and potentially execute arbitrary code, by sending a specially crafted request with an overly large certificate name.

The format string vulnerability CVE-2020-29018 allows an authenticated user to read memory contents and retrieve sensitive data via the redir parameter, and potentially execute arbitrary code on the remote device.

A buffer overflow in FortiWeb, CVE-2020-29019, allows an unauthenticated remote attacker to crash the httpd daemon by sending a request with a specially crafted Cookie header.

A blind SQL injection in the FortiWeb user interface, CVE-2020-29015, allows an unauthenticated user to execute arbitrary SQL queries and, because the database account holds excessive privileges, to expose sensitive data, including the administrator's password hash.
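Three of the FortiWeb bugs above are triggered by the shape of an HTTP request (an oversized certificate name, format specifiers in the redir parameter, an oversized Cookie header), so a defender reviewing access logs or a reverse-proxy feed can flag such requests before patching is complete. The following is an added illustration, not code from Fortinet, Positive Technologies or the article: the length thresholds, the sample requests and the certificate-name parameter name (`certname`) are all assumptions, since the advisories quoted here do not name the exact field or limits.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed thresholds for illustration only; they are not values from the advisories.
MAX_COOKIE_LEN = 4096
MAX_CERT_NAME_LEN = 256
# Hypothetical placeholder: the advisory text does not name the certificate-name field.
CERT_NAME_PARAM = "certname"

# printf-style conversion specifiers (%n, %x, %s, %08x, %ld, ...); "%%" is deliberately excluded.
FORMAT_SPEC_RE = re.compile(
    r"%[-+ 0#]*\d*(?:\.\d+)?(?:hh|h|l|ll|j|z|t|L)?[diouxXeEfFgGaAcspn]"
)


def inspect_request(path, headers):
    """Return a list of findings for one request; an empty list means nothing suspicious.

    `path` is the request target including the query string; `headers` is a
    dict of header name -> value (any letter case).
    """
    findings = []
    lowered = {name.lower(): value for name, value in headers.items()}

    # CVE-2020-29019-style indicator: a Cookie header far beyond normal size.
    cookie = lowered.get("cookie", "")
    if len(cookie) > MAX_COOKIE_LEN:
        findings.append(f"oversized Cookie header ({len(cookie)} bytes)")

    # parse_qs percent-decodes once, so "%25n" in the raw URL is inspected as "%n".
    query = parse_qs(urlsplit(path).query, keep_blank_values=True)

    # CVE-2020-29018-style indicator: format specifiers inside the redir parameter.
    if any(FORMAT_SPEC_RE.search(v) for v in query.get("redir", [])):
        findings.append("format specifier in redir parameter")

    # CVE-2020-29016-style indicator: an unusually long certificate-name value.
    for value in query.get(CERT_NAME_PARAM, []):
        if len(value) > MAX_CERT_NAME_LEN:
            findings.append(f"oversized {CERT_NAME_PARAM} value ({len(value)} bytes)")
            break

    return findings


def scan_requests(requests):
    """Map request index -> findings for every request that produced at least one finding."""
    report = {}
    for index, request in enumerate(requests):
        findings = inspect_request(request["path"], request["headers"])
        if findings:
            report[index] = findings
    return report


# Constructed sample requests (not real traffic): one benign, three matching an indicator each.
SAMPLE_REQUESTS = [
    {"path": "/login?redir=/dashboard", "headers": {"Cookie": "session=abc123"}},
    {"path": "/login?redir=%25x%25x%25x%25n", "headers": {"Cookie": "session=abc123"}},
    {"path": "/", "headers": {"Cookie": "x=" + "A" * 5000}},
    {"path": "/api/cert?certname=" + "B" * 300, "headers": {}},
]

if __name__ == "__main__":
    for index, findings in scan_requests(SAMPLE_REQUESTS).items():
        print(index, SAMPLE_REQUESTS[index]["path"][:40], findings)
```

The checks are deliberately heuristic: they are meant to surface requests worth a closer look while the update is being rolled out, not to replace it. The format-specifier pattern runs on the decoded parameter value, so an encoded `%25n` is caught, but a legitimate redirect target containing a literal percent sign followed by a conversion character will also be reported and should be reviewed rather than blocked blindly.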

All of the FortiWeb vulnerabilities were discovered by Andrey Medov of Positive Technologies. To fix them, install the update available from the manufacturer's website.

Source: securitylab.ru

07 January 2021
