PSIRT Advisories

FortiWAN - OS command injection leads to privilege escalation

Summary

An OS command injection (CWE-78) vulnerability in FortiWAN Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.

Affected Products

FortiWAN versions 4.5.7 and below.

Solutions

Please upgrade to FortiWAN version 4.5.8 or above. 
 

Acknowledgement

Fortinet is pleased to thank Resecurity, Inc for bringing this issue to our attention under responsible disclosure.