FortiADC - Command injection in diagnose system df CLI command


An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the FortiADC CLI may allow a local, authenticated attacker to execute unauthorized commands via specially crafted arguments to the diagnose system df CLI command.

| Version      | Affected            | Solution                   |
|--------------|---------------------|----------------------------|
| FortiADC 7.1 | 7.1.0               | Upgrade to 7.1.1 or above  |
| FortiADC 7.0 | 7.0.0 through 7.0.3 | Upgrade to 7.0.4 or above  |
| FortiADC 6.2 | 6.2.0 through 6.2.4 | Upgrade to 6.2.5 or above  |
| FortiADC 6.1 | 6.1 all versions    | Migrate to a fixed release |
| FortiADC 6.0 | 6.0 all versions    | Migrate to a fixed release |
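
The following is an added example, not part of the original advisory or any Fortinet tooling: a small triage script that checks a device inventory against the affected ranges in the table above. The host names, the sample version strings and the assumption that a version appears as major.minor.patch are constructed for illustration.

```python
import re

# Affected ranges transcribed from the advisory table:
# (major, minor) -> (last affected patch, or None for "all versions"; solution)
AFFECTED = {
    (7, 1): (0, "Upgrade to 7.1.1 or above"),
    (7, 0): (3, "Upgrade to 7.0.4 or above"),
    (6, 2): (4, "Upgrade to 6.2.5 or above"),
    (6, 1): (None, "Migrate to a fixed release"),
    (6, 0): (None, "Migrate to a fixed release"),
}
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def triage(version_text):
    """Classify one firmware version string against the advisory table."""
    match = _VERSION.search(version_text)
    if match is None:
        return ("unparsed", "Check the version by hand")
    major, minor, patch = (int(part) for part in match.groups())
    if (major, minor) not in AFFECTED:
        # The advisory is silent on this branch; do not report it as safe.
        return ("not-listed", "Branch is not covered by the advisory table")
    last_affected, solution = AFFECTED[(major, minor)]
    if last_affected is None or patch <= last_affected:
        return ("affected", solution)
    return ("fixed", "At or above the fixed release for this branch")


def triage_inventory(inventory):
    """Return (host, status, action) for every (host, version_text) pair."""
    return [(host, *triage(text)) for host, text in inventory]


# Constructed sample inventory; host names and string layout are assumptions.
SAMPLE_INVENTORY = [
    ("adc-edge-01", "7.1.0"),
    ("adc-edge-02", "v7.0.4 build-sample"),
    ("adc-lab-01", "6.1.2"),
    ("adc-lab-02", "6.2.5"),
    ("adc-old-01", "5.4.3"),
    ("adc-new-01", "unknown"),
]

if __name__ == "__main__":
    for host, status, action in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host:12} {status:11} {action}")
```

Branches that do not appear in the table are reported as not-listed rather than unaffected, because the advisory makes no statement about them.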


2023-06-05: Initial publication