PSIRT Advisories

FortiExtender - Arbitrary command execution because of missing CLI input sanitization

Summary

An improper neutralization of special elements used in a command vulnerability ('Command Injection') [CWE-77] in FortiExtender may allow an authenticated user to raise its privileges to admin user via crafted arguments of the `execute` CLI command.

Affected Products

FortiExtender version 7.0.1 and below.
FortiExtender version 4.2.3 and below.
FortiExtender version 4.1.7 and below.

Solutions

Upgrade to FortiExtender version 7.0.2 or above.

Upgrade to FortiExtender version 4.2.4 or above.

Upgrade to FortiExtender version 4.1.8 or above.

Acknowledgement

Internally discovered and reported by Mattia Fecit of Fortinet PSIRT team.