Summary
An OS command injection (CWE-78) vulnerability in FortiWAN Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.
Affected Products
FortiWAN versions 4.5.7 and below.
Solutions
Please upgrade to FortiWAN version 4.5.8 or above.
Acknowledgement
Fortinet is pleased to thank Resecurity, Inc for bringing this issue to our attention under responsible disclosure.
Fuente:
FortGuard Labs - Fortinet
