PSIRT Advisories

FortiADC - OS command injection vulnerability in CLI


An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiADC may allow an authenticated attacker to execute arbitrary shell code as `root` via CLI commands.

Affected Products

At least
FortiADC version 7.0.0 through 7.0.1
FortiADC version 6.2.0 through 6.2.3
FortiADC 6.1 all versions
FortiADC 6.0 all versions
FortiADC 5.4 all versions
FortiADC 5.3 all versions
FortiADC 5.2 all versions
FortiADC 5.1 all versions
FortiADC 5.0 all versions


Please upgrade to FortiADC version 7.0.2 or above.

Please upgrade to FortiADC version 6.2.4 or above.


Internally discovered and reported by Théo Leleu of the Fortinet Product Security team.