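FortiWeb 20210108 Technical Bulletin

Regarding the CVE vulnerabilities recently detected by scans of FortiWeb,
the vendor has released security updates, which are listed on the FortiGuard website.
The recommended remediation is as follows:

  1. Update the firmware to 6.3.8 or later as soon as possible.
  2. Avoid exposing the FortiWeb management interface to external networks.

CVE details: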

CVE-2020-29015
FortiWeb is vulnerable to a blind SQL injection

Solutions
Please upgrade to FortiWeb versions 6.3.8 or above.
Please upgrade to FortiWeb versions 6.2.4 or above.

https://www.fortiguard.com/psirt/FG-IR-20-124

CVE-2020-29016
Stack-Based Buffer Overflow vulnerability in FortiWeb

Solutions
Please upgrade to FortiWeb versions 6.3.6 or above.
Please upgrade to FortiWeb versions 6.2.4 or above.

https://www.fortiguard.com/psirt/FG-IR-20-125

CVE-2020-29018
FortiWeb is vulnerable to a Format string vulnerability

Solutions
Please upgrade to FortiWeb versions 6.3.6 or above.

https://www.fortiguard.com/psirt/FG-IR-20-123

CVE-2020-29019
FortiWeb is vulnerable to a buffer overflow.

Solutions
Please upgrade to FortiWeb versions 6.3.8 or above.
Please upgrade to FortiWeb versions 6.2.4 or above.

https://www.fortiguard.com/psirt/FG-IR-20-126
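
The following is an added example, not part of the original bulletin or any Fortinet tooling: a small audit that compares firmware versions against the fixed-in versions listed above and reports which CVEs are not confirmed fixed on each device. The device names and the inventory are constructed, and treating any version at or above the highest listed fix as fixed is an assumption based on the "or above" wording.

```python
import re

# Fixed-in versions per CVE and release branch, copied from this bulletin.
FIXED = {
    "CVE-2020-29015": {(6, 3): (6, 3, 8), (6, 2): (6, 2, 4)},
    "CVE-2020-29016": {(6, 3): (6, 3, 6), (6, 2): (6, 2, 4)},
    "CVE-2020-29018": {(6, 3): (6, 3, 6)},  # no 6.2 fix listed in the bulletin
    "CVE-2020-29019": {(6, 3): (6, 3, 8), (6, 2): (6, 2, 4)},
}

def parse_version(text):
    """Extract the first major.minor.patch triple from a version string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(part) for part in m.groups())

def audit(version_text):
    """Return {cve: 'fixed' | 'upgrade' | 'unknown'} for one firmware version."""
    v = parse_version(version_text)
    report = {}
    for cve, fixes in FIXED.items():
        branch_fix = fixes.get(v[:2])
        if v >= max(fixes.values()):
            report[cve] = "fixed"      # assumption: "or above" covers later branches
        elif branch_fix is None:
            report[cve] = "unknown"    # bulletin names no fix for this branch
        else:
            report[cve] = "fixed" if v >= branch_fix else "upgrade"
    return report

def needs_action(inventory):
    """Map device name -> sorted CVEs that are not confirmed fixed."""
    out = {}
    for name, version in inventory.items():
        open_cves = sorted(c for c, s in audit(version).items() if s != "fixed")
        if open_cves:
            out[name] = open_cves
    return out

# Constructed inventory (hypothetical device names and versions).
INVENTORY = {"waf-dmz-01": "6.3.5", "waf-dmz-02": "6.3.8",
             "waf-lab-01": "6.2.4", "waf-lab-02": "6.3.6"}

if __name__ == "__main__":
    for device, cves in needs_action(INVENTORY).items():
        print(device, "->", ", ".join(cves))
```

A device on 6.2.4 is reported as "unknown" for CVE-2020-29018 because the bulletin lists only a 6.3.6 fix for it; moving to 6.3.8 or later, as recommended in item 1, clears all four entries.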