FortiDeceptor is impacted by an OS command injection vulnerability
An OS command injection vulnerability in FortiDeceptor may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page.
Execute unauthorized code or commands
FortiDeceptor versions 3.1.0 and below.
FortiDeceptor versions 3.0.1 and below.
Please upgrade to FortiDeceptor versions 3.2.0 or above.
Please upgrade to FortiDeceptor versions 3.1.1 or above.
Please upgrade to FortiDeceptor versions 3.0.2 or above.
Fortinet is pleased to thank Chua Wei Kiat for finding and reporting this issue.