| IR Number | FG-IR-20-177 |
| Date | Jan 4, 2021 |
| Severity |
High |
| CVSSv3 Score | 8.6 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2020-29017 |
| Affected Products |
FortiDeceptor
:
4.0.0, 3.3.1, 3.3.0, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.2, 3.0.1, 3.0.0, 2.1.0, 2.0.0, 1.1.0, 1.0.1, 1.0.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiDeceptor - OS command injection vulnerabilities
Summary
Multiple OS command injection vulnerabilities in FortiDeceptor management interface may allow an authenticated user to execute arbitrary commands on the system via specifically crafted web requests.
Affected Products
FortiDeceptor version 4.0.0.
FortiDeceptor versions 3.3.1 and below.
FortiDeceptor versions 3.2.1 and below.
FortiDeceptor versions 3.1.x.
FortiDeceptor versions 3.0.x
FortiDeceptor versions 1.x.
Solutions
Please upgrade to FortiDeceptor versions 4.1.0 or above.
Please upgrade to FortiDeceptor versions 3.3.2 or above.
Please upgrade to FortiDeceptor versions 3.2.2 or above.