FortiExtender OS command injection through execute date CLI command
An OS command injection vulnerability in FortiExtender CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands.
OS command injection
FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below
Upgrade to FortiExtender 4.0.1 or 4.1.2
2019-10-28 Initial version
2019-11-01 Add 4.0 branch fix information.
Fortinet is pleased to thank "NYC Cyber Command" for reporting this vulnerability under responsible disclosure.