An improper privilege management vulnerability [CWE-269] in FortiADC and FortiDDoS-F may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access.
Affected ProductsAt least
FortiADC version 6.2.0 through 6.2.1
FortiADC version 6.1.0 through 6.1.5
FortiADC 6.0 all versions
FortiADC 5.4 all versions
FortiADC 5.3 all versions
FortiDDoS-F version 6.3.0
Please upgrade to FortiADC version 6.2.2 or above.
Please upgrade to FortiADC version 7.0.0 or above.
Please upgrade to FortiDDoS-F version 6.3.1 or above
Please upgrade to FortiDDoS-F version 6.2.3 or above
Please upgrade to FortiDDoS-F version 6.1.5 or above