PSIRT Advisories

FortiADC - Path traversal vulnerability in CLI


A relative path traversal vulnerability [CWE-23] in FortiADC may allow a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands.

Affected Products

FortiADC version 7.2.0
FortiADC version 7.1.0 through 7.1.1
FortiADC 7.0 all versions
FortiADC 6.2 all versions
FortiADC 6.1 all versions
FortiADC 6.0 all versions
FortiADC 5.4 all versions
FortiADC 5.3 all versions
FortiADC 5.2 all versions


Please upgrade to FortiADC version 7.2.1 or above
Please upgrade to FortiADC version 7.1.2 or above


Internally discovered and reported by Théo Leleu of Fortinet Product Security team.


2023-04-25: Initial publication