PSIRTOS command injection vulnerability
Summary
An OS command injection vulnerability in FortiWeb and FortiADC management interface may allow a remote authenticated administrator to execute arbitrary commands on the system via the SAML server configuration page.
| Version | Affected | Solution |
|---|---|---|
| FortiADC 6.2 | 6.2.0 | Upgrade to 6.2.1 or above |
| FortiADC 6.1 | 6.1.0 through 6.1.3 | Upgrade to 6.1.4 or above |
| FortiADC 6.0 | 6.0.0 through 6.0.3 | Upgrade to 6.0.4 or above |
| FortiADC 5.4 | Not affected | Not Applicable |
| FortiADC 5.3 | Not affected | Not Applicable |
| FortiADC 5.2 | Not affected | Not Applicable |
| FortiADC 5.1 | Not affected | Not Applicable |
| FortiADC 5.0 | Not affected | Not Applicable |
| FortiADC 4.8 | Not affected | Not Applicable |
| FortiWeb 6.4 | 6.4.0 | Upgrade to 6.4.1 or above |
| FortiWeb 6.3 | 6.3.0 through 6.3.14 | Upgrade to 6.3.15 or above |
| FortiWeb 6.2 | 6.2.0 through 6.2.4 | Upgrade to 6.2.5 or above |
| FortiWeb 6.1 | Not affected | Not Applicable |
| FortiWeb 6.0 | Not affected | Not Applicable |
| FortiWeb 5.9 | Not affected | Not Applicable |
| FortiWeb 5.8 | Not affected | Not Applicable |