PSIRT Advisory

FortiDDoS Command Injection Vulnerability Announcement

Summary

A vulnerability in FortiDDoS allows escalation of privilege via remote OS command injection through crafted URLs sent to the GUI. The attacker must be logged in for an exploit to work.

Impact

Escalation of Privilege

Affected Products

FortiDDoS versions 4.2.2 and below

Solutions

Upgrade to version 4.2.3

Acknowledgement

Fortinet is pleased to thank Juan Pablo Lopez Yacubian for reporting this vulnerability under responsible disclosure.