Fortinet Connect admin able to gain root access
A webui administrator may create a new theme that performs arbitrary code execution on the system.
Fortinet Connect 14.2, 14.10, 15.10 and 16.7
A patch is available for the following Fortinet Connect versions:
Please contact Fortinet TAC support to have access to the patches.
Fortinet is pleased to thank Spencer Lowe for reporting this vulnerability under responsible disclosure.