An expert found multiple serious vulnerabilities in Fortinets FortiWeb web application firewall (WAF) that could expose corporate networks to hack. The flaws include a blind SQL injection, a stack-based buffer overflow issue, an overflow buffer overflow, and a format string vulnerability that could lead to the execution of unauthorized code or commands or denial-of-service (DoS) conditions. The vulnerabilities have been already addressed by Fortinet with the release of security patches. The vendor recommends the customers to upgrade to Fortinet versions: 6.2.4 or above to address the CVE-2020-29015 flaw.”]
Source: https://securityaffairs.co/wordpress/113129/hacking/fortinet-fortiweb-waf-flaws.html