PSIRT Advisories

FortiTester - Unauthenticated command injection

Summary

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console, Telnet, and SSH login components of FortiTester may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.

Affected Products

FortiTester version 7.1.0
FortiTester version 7.0.0
FortiTester version 4.2.0
FortiTester version 4.1.0 through 4.1.1
FortiTester version 4.0.0
FortiTester version 3.9.0 through 3.9.1
FortiTester version 3.8.0
FortiTester version 3.7.0 through 3.7.1
FortiTester version 3.6.0
FortiTester version 3.5.0 through 3.5.1
FortiTester version 3.4.0
FortiTester version 3.3.0 through 3.3.1
FortiTester version 3.2.0
FortiTester version 3.1.0
FortiTester version 3.0.0
FortiTester version 2.9.0
FortiTester version 2.8.0
FortiTester version 2.7.0
FortiTester version 2.6.0
FortiTester version 2.5.0
FortiTester version 2.4.0 through 2.4.1
FortiTester version 2.3.0

Solutions

Please upgrade to FortiTester version 7.2.0 or above
Please upgrade to FortiTester version 7.1.1 or above
Please upgrade to FortiTester version 4.2.1 or above
Please upgrade to FortiTester version 3.9.2 or above

Acknowledgement

Internally discovered and reported by Wilfried Djettchou of Fortinet Product Security team.