FortiExtender - Arbitrary command execution because of missing CLI input sanitization
An improper neutralization of special elements used in a command vulnerability ('Command Injection') [CWE-77] in FortiExtender may allow an authenticated user to raise its privileges to admin user via crafted arguments of the `execute` CLI command.
FortiExtender version 7.0.1 and below.
FortiExtender version 4.2.3 and below.
FortiExtender version 4.1.7 and below.
Upgrade to FortiExtender version 7.0.2 or above.
Upgrade to FortiExtender version 4.2.4 or above.
Upgrade to FortiExtender version 4.1.8 or above.