PSIRT Advisory
FortiDeceptor is impacted by an OS command injection vulnerability
Summary
An OS command injection vulnerability in the Customization page of FortiDeceptor may allow a remote authenticated attacker to execute arbitrary commands on the system.
Impact
Execute unauthorized code or commands
Affected Products
FortiDeceptor versions 3.1.0 and below.
FortiDeceptor versions 3.0.1 and below.
Solutions
Please upgrade to FortiDeceptor version 3.2.0 or above.
Please upgrade to FortiDeceptor version 3.1.1 or above.
Please upgrade to FortiDeceptor version 3.0.2 or above.
Acknowledgement
Fortinet is pleased to thank Chua Wei Kiat for finding and reporting this issue.