PSIRT Advisories

FortiOS - Privilege escalation via switch-control CLI command


An improper neutralization of special elements used in an OS command [CWE-78] vulnerability in FortiOS may allow an authenticated attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.

Affected Products

FortiOS version 6.0.0 through 6.0.14
FortiOS version 6.2.0 through 6.2.10
FortiOS version 6.4.0 through 6.4.8
FortiOS version 7.0.0 through 7.0.3


Solutions

Upgrade to FortiOS version 7.0.7 or above
Upgrade to FortiOS version 6.4.9 or above
Upgrade to FortiOS version 6.2.11 or above
Upgrade to FortiOS version 6.0.15 or above
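
The following is an added example, not part of the Fortinet advisory: a small triage script that checks reported FortiOS versions against the affected ranges listed above and returns the matching upgrade target. The hostnames, the inventory and the accepted version string formats are constructed assumptions.

```python
import re

# Affected ranges and upgrade targets exactly as listed in the advisory:
# (first affected, last affected, upgrade target)
AFFECTED = [
    ((6, 0, 0), (6, 0, 14), (6, 0, 15)),
    ((6, 2, 0), (6, 2, 10), (6, 2, 11)),
    ((6, 4, 0), (6, 4, 8), (6, 4, 9)),
    ((7, 0, 0), (7, 0, 3), (7, 0, 7)),
]

# Matches a major.minor.patch triple, optionally prefixed with "v".
# The lookarounds reject longer dotted runs such as IPv4 addresses.
VERSION_RE = re.compile(r"(?<![\d.])v?(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract the first major.minor.patch triple from a version string."""
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no FortiOS version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(version_text):
    """Return (status, upgrade_target) for one reported version."""
    version = parse_version(version_text)
    for low, high, target in AFFECTED:
        if low <= version <= high:
            return "affected", ".".join(map(str, target))
    # Versions outside the listed ranges (for example 7.0.4 to 7.0.6) are
    # reported as "not listed": the advisory does not name them as affected.
    return "not listed", None


def triage_inventory(inventory):
    """Map each host to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = {
    "fw-branch-01": "v6.4.8",
    "fw-branch-02": "6.4.9",
    "fw-dc-01": "FortiOS 7.0.3",
    "fw-dc-02": "7.0.5",
}

if __name__ == "__main__":
    for host, (status, target) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}" + (f", upgrade to {target} or above" if target else ""))
```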