PSIRT Advisories

FortiADC -- Read-Only user able to modify system files

An improper privilege management vulnerability [CWE-269] in FortiADC may allow a remote authenticated attacker with a restricted user profile to modify system files using shell access.

Affected Products

FortiADC version 6.2.1 and below.
FortiADC version 6.1.5 and below.
FortiADC version 6.0.4 and below.
FortiADC version 5.4.5 and below.
FortiADC version 5.3.7 and below.

Solutions

Please upgrade to FortiADC version 6.2.2 or above.
Please upgrade to FortiADC version 7.0.0 or above.
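As an added example that is not part of this advisory, the following Python check maps the affected and fixed ranges above onto FortiADC version strings from an asset inventory, so a defender can list which appliances still need the upgrade. The hostnames and versions in SAMPLE_INVENTORY are constructed sample data, and a branch the advisory does not enumerate (for example 6.3.x) is reported as unknown rather than guessed.

```python
from typing import Dict, List, Optional, Tuple

# Highest affected release on each branch, from the "Affected Products" list.
# Every release on a listed branch at or below that version is affected.
LAST_AFFECTED: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (6, 2): (6, 2, 1),
    (6, 1): (6, 1, 5),
    (6, 0): (6, 0, 4),
    (5, 4): (5, 4, 5),
    (5, 3): (5, 3, 7),
}
FIXED_MAJOR = 7  # the advisory names 7.0.0 or above as a fixed release line

def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch'; a leading 'v' and surrounding whitespace are tolerated."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiADC version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)

def is_affected(version: str) -> Optional[bool]:
    """True on an affected release, False on a fixed one, None when the branch
    is not enumerated by this advisory (e.g. 6.3.x) and needs manual review."""
    major, minor, patch = parse_version(version)
    if major >= FIXED_MAJOR:
        return False
    last = LAST_AFFECTED.get((major, minor))
    if last is None:
        return None
    return (major, minor, patch) <= last

def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket hostnames from a {hostname: version} map into affected/fixed/unknown."""
    buckets: Dict[str, List[str]] = {"affected": [], "fixed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        status = is_affected(version)
        key = "unknown" if status is None else ("affected" if status else "fixed")
        buckets[key].append(host)
    return buckets

# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = {
    "adc-edge-01": "6.2.1",
    "adc-edge-02": "6.2.2",
    "adc-core-01": "v6.1.5",
    "adc-lab-01": "7.0.0",
    "adc-lab-02": "6.3.0",
}
```

Calling triage(SAMPLE_INVENTORY) returns the hosts grouped by status; the "unknown" bucket is the one to review by hand against the vendor's release notes.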

Acknowledgement

Fortinet is pleased to thank Danilo Costa from Conviso Application Security for reporting this vulnerability under responsible disclosure.