An improper access control vulnerability [CWE-284] in the FortiOS and FortiProxy autod daemon may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specifically crafted configuration of the fabric automation CLI script and auto-script features.
FortiOS version 7.0.0.
FortiOS versions 6.4.6 and below.
FortiOS versions 6.2.9 and below.
FortiOS versions 6.0.12 and below.
FortiOS 5.6 all versions.
FortiProxy versions 2.0.1 and below.
FortiProxy versions 1.2.9 and below.
FortiProxy versions 1.1.x.
FortiProxy versions 1.0.x.
Please upgrade to FortiOS version 7.0.1 or above.
Please upgrade to FortiOS version 6.4.7 or above.
Please upgrade to FortiOS version 6.2.10 or above.
Please upgrade to FortiOS version 6.0.13 or above.
For new high-end F-Series Models (FG-1800F, FG-3800F, FG-4200F, FG-4400F) please upgrade to 6.2.9.
Please upgrade to FortiProxy version 2.0.2 or above.
Please upgrade to FortiProxy version 1.2.10 or above.
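
The version ranges above can be turned into an inventory triage check. The following is an added example, not Fortinet code: the function names, status strings and inventory rows are constructed for illustration. It assumes the F-Series line means 6.2.9 is the fixed release for those four models.

```python
import re
# First fixed release per branch, transcribed from the advisory text above.
# None: the advisory lists the whole branch as affected and names no fix in it.
FIXED = {
    "FortiOS": {(7, 0): (7, 0, 1), (6, 4): (6, 4, 7), (6, 2): (6, 2, 10),
                (6, 0): (6, 0, 13), (5, 6): None},
    "FortiProxy": {(2, 0): (2, 0, 2), (1, 2): (1, 2, 10),
                   (1, 1): None, (1, 0): None},
}
# Models the advisory directs to 6.2.9 instead of 6.2.10.
F_SERIES = {"FG-1800F", "FG-3800F", "FG-4200F", "FG-4400F"}

def triage(product, version, model=None):
    """Return (status, upgrade_target) for one device."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if m is None:
        raise ValueError(f"unparseable version: {version!r}")
    ver = tuple(int(part) for part in m.groups())
    branch = ver[:2]
    if branch not in FIXED[product]:
        return ("not-listed", None)  # branch not named in the advisory
    fixed = FIXED[product][branch]
    if product == "FortiOS" and branch == (6, 2) and model in F_SERIES:
        fixed = (6, 2, 9)  # assumption: fixed release for these models
    if fixed is None:
        return ("affected", "move to a fixed branch")
    if ver < fixed:  # tuple comparison, so 6.2.10 sorts above 6.2.9
        return ("affected", ".".join(str(part) for part in fixed))
    return ("fixed", None)

# Constructed inventory rows: (hostname, product, model, version).
INVENTORY = [
    ("edge-fw-01", "FortiOS", "FG-60E", "6.2.9"),
    ("dc-fw-01", "FortiOS", "FG-3800F", "6.2.9"),
    ("lab-fw-02", "FortiOS", "FG-100D", "5.6.14"),
    ("proxy-01", "FortiProxy", None, "2.0.2"),
]

def affected_hosts(inventory):
    """Return {hostname: upgrade_target} for rows the advisory marks affected."""
    out = {}
    for host, product, model, version in inventory:
        status, target = triage(product, version, model)
        if status == "affected":
            out[host] = target
    return out

if __name__ == "__main__":
    print(affected_hosts(INVENTORY))
```

Versions are compared as integer tuples because a plain string comparison would rank 6.2.10 below 6.2.9 and mark a patched device as affected.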