OS command injection vulnerability

Summary

An OS command injection vulnerability in FortiWeb and FortiADC management interface may allow a remote authenticated administrator to execute arbitrary commands on the system via the SAML server configuration page.

Version Affected Solution
FortiADC 6.2 6.2.0 Upgrade to 6.2.1 or above
FortiADC 6.1 6.1.0 through 6.1.3 Upgrade to 6.1.4 or above
FortiADC 6.0 6.0.0 through 6.0.3 Upgrade to 6.0.4 or above
FortiWeb 6.4 6.4.0 Upgrade to 6.4.1 or above
FortiWeb 6.3 6.3.0 through 6.3.14 Upgrade to 6.3.15 or above
FortiWeb 6.2 6.2.0 through 6.2.4 Upgrade to 6.2.5 or above