Unprivileged, authenticated user can change the routing settings
Summary
An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component.
Affected Products
FortiOS version 6.0.0 through 6.0.2FortiOS version 5.6.0 through 5.6.7
FortiOS version 5.4.0 through 5.4.10
FortiOS version 5.2.0 through 5.2.12
FortiOS 5.0 all versions
FortiOS 4.3 all versions
FortiOS 4.2 all versions
FortiOS 4.1 all versions
FortiOS 4.0 all versions
Solutions
Upgrade to FortiOS version 6.0.3 or above Upgrade to FortiOS version 5.6.8 and above Upgrade to upcoming FortiOS version 5.4.11 and aboveAcknowledgement
Fortinet thanks Thomas Hochmuth for reporting this vulnerability.