[FortiNDR] OS command injection due to improper input sanitization

Summary

An improper input validation vulnerability in FortiNDR v1.4.0 may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command.

Affected Products

FortiNDR 1.4 all versions
FortiNDR 1.3 all versions
FortiNDR 1.2 all versions
FortiNDR 1.1 all versions

Solutions

Upgrade the FortiNDR firmware to v1.5.0 or later.

Timeline

2021-05-05: Initial publication