At a glance:
| IR Number | FG-IR-20-177 |
| Date | Jan 4, 2021 |
| Risk |
|
| CVSSv3 Score | 8.1 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2020-29017 |
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiDeceptor is impacted by an OS command injection vulnerability
Summary
An OS command injection vulnerability in FortiDeceptor may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page.
Affected Products
FortiDeceptor versions 3.1.0 and below.
FortiDeceptor versions 3.0.1 and below.
Solutions
Please upgrade to FortiDeceptor versions 3.2.0 or above.
Please upgrade to FortiDeceptor versions 3.1.1 or above.
Please upgrade to FortiDeceptor versions 3.0.2 or above.
Acknowledgement
Fortinet is pleased to thank Chua Wei Kiat for finding and reporting this issue.