PSIRT Advisory

FortiDeceptor is impacted by an OS command injection vulnerability

Summary

An OS command injection vulnerability in the Customization page of FortiDeceptor may allow a remote authenticated attacker to execute arbitrary commands on the system.

Impact

Execute unauthorized code or commands

Affected Products

FortiDeceptor versions 3.1.0 and below.

FortiDeceptor versions 3.0.1 and below.

Solutions

Please upgrade to FortiDeceptor version 3.2.0 or above.

Please upgrade to FortiDeceptor version 3.1.1 or above.

Please upgrade to FortiDeceptor version 3.0.2 or above.

Acknowledgement

Fortinet is pleased to thank Chua Wei Kiat for finding and reporting this issue.