Command injection in diagnose system df CLI command
Summary
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments in diagnose system df CLI command.
Version | Affected | Solution |
---|---|---|
FortiADC 7.1 | 7.1.0 | Upgrade to 7.1.1 or above |
FortiADC 7.0 | 7.0.0 through 7.0.3 | Upgrade to 7.0.4 or above |
FortiADC 6.2 | 6.2.0 through 6.2.4 | Upgrade to 6.2.5 or above |
FortiADC 6.1 | 6.1 all versions | Migrate to a fixed release |
FortiADC 6.0 | 6.0 all versions | Migrate to a fixed release |
Timeline
2023-06-05: Initial publication