Command injection in Automation/Webhook module Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-310 Final 1 1 2023-09-13T00:00:00 Current version 2023-09-13T00:00:00 2023-09-13T00:00:00 An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. None Execute unauthorized code or commands FortiADC 7.4 all versions are not affectedFortiADC 7.2 all versions are not affectedFortiADC version 7.1.0 through 7.1.1FortiADC version 7.0.0 through 7.0.3FortiADC version 6.2.0 through 6.2.5FortiADC 6.1 all versionsFortiADC 6.0 all versions are not affectedFortiADC 5.4 all versions are not affectedFortiADC 5.3 all versions are not affected Please upgrade to FortiADC version 7.1.2 or abovePlease upgrade to FortiADC version 7.0.4 or abovePlease upgrade to FortiADC version 6.2.6 or above FortiADC 7.1.1 FortiADC 7.1.0 FortiADC 7.0.3 FortiADC 7.0.2 FortiADC 7.0.1 FortiADC 7.0.0 FortiADC 6.2.5 FortiADC 6.2.4 FortiADC 6.2.3 FortiADC 6.2.2 FortiADC 6.2.1 FortiADC 6.2.0 FortiADC 6.1.6 FortiADC 6.1.5 FortiADC 6.1.4 FortiADC 6.1.3 FortiADC 6.1.2 FortiADC 6.1.1 FortiADC 6.1.0 CVE-2022-35849 FortiADC-7.1.1 FortiADC-7.1.0 FortiADC-7.0.3 FortiADC-7.0.2 FortiADC-7.0.1 FortiADC-7.0.0 FortiADC-6.2.5 FortiADC-6.2.4 FortiADC-6.2.3 FortiADC-6.2.2 FortiADC-6.2.1 FortiADC-6.2.0 FortiADC-6.1.6 FortiADC-6.1.5 FortiADC-6.1.4 FortiADC-6.1.3 FortiADC-6.1.2 FortiADC-6.1.1 FortiADC-6.1.0 7.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-22-310 Command injection in Automation/Webhook module Reference>