Fortinet Connect admin able to gain root access


A webui administrator may create a new theme that performs arbitrary code execution on the system.

Affected Products

Fortinet Connect 14.2, 14.10, 15.10 and 16.7


A patch is available for the following Fortinet Connect versions: * * * * Please contact Fortinet TAC support to have access to the patches.


Fortinet is pleased to thank Spencer Lowe for reporting this vulnerability under responsible disclosure