FortiAI - OS command injection due to improper input sanitization

Summary

An improper input validation vulnerability in FortiAI v1.4.0 may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command.

Impact

Execution of arbitrary code

Affected Products

All FortiAI firmware versions less than or equal to v1.4.0 are impacted.

Solutions

Upgrade the FortiAI firmware to any version greater than or equal to v1.5.0.