FortiWAN - OS command injection leads to privilege escalation


An OS command injection (CWE-78) vulnerability in FortiWAN Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.

Affected Products

FortiWAN versions 4.5.7 and below.


Please upgrade to FortiWAN version 4.5.8 or above.


Fortinet is pleased to thank Resecurity, Inc for bringing this issue to our attention under responsible disclosure.