OS command injection vulnerability in CLI
Summary
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiAnalyzer and FortiManager may allow an authenticated attacker to execute arbitrary shell code as the root user via diagnose system CLI commands.
Affected Products
FortiAnalyzer 7.6 all versions are not affected
FortiAnalyzer 7.4 all versions are not affected
FortiAnalyzer 7.2 all versions are not affected
FortiAnalyzer version 7.0.0 through 7.0.3
FortiAnalyzer version 6.4.0 through 6.4.7
FortiAnalyzer 6.2 all versions
FortiAnalyzer 6.0 all versions
FortiManager 7.6 all versions are not affected
FortiManager 7.4 all versions are not affected
FortiManager 7.2 all versions are not affected
FortiManager version 7.0.0 through 7.0.3
FortiManager version 6.4.0 through 6.4.7
FortiManager 6.2 all versions
FortiManager 6.0 all versions
Solutions
Upgrade to FortiAnalyzer version 7.2.0 or above.
Upgrade to FortiAnalyzer version 7.0.4 or above.
Upgrade to FortiAnalyzer version 6.4.8 or above.
Upgrade to FortiManager version 7.2.0 or above.
Upgrade to FortiManager version 7.0.4 or above.
Upgrade to FortiManager version 6.4.8 or above.
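The following script, added here as an example and not part of the advisory or of any Fortinet tool, encodes the affected ranges and fixed releases above so an inventory of FortiAnalyzer/FortiManager builds can be triaged automatically. The version strings in the sample inventory are constructed; the product names, branches and fixed patch levels come from the advisory.

```python
"""Triage FortiAnalyzer / FortiManager builds against this advisory's version table."""
import re

# Per product, each affected branch maps to the first fixed patch level in that branch,
# or None where the advisory says "all versions" are affected (no in-branch fix).
# Branches not listed (7.2, 7.4, 7.6) are stated as not affected.
ADVISORY = {
    "FortiAnalyzer": {(7, 0): 4, (6, 4): 8, (6, 2): None, (6, 0): None},
    "FortiManager":  {(7, 0): 4, (6, 4): 8, (6, 2): None, (6, 0): None},
}

def parse_version(text):
    """Turn 'v7.0.3' / '7.0.3' into (7, 0, 3); reject anything that is not major.minor.patch."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())

def assess(product, version):
    """Return (status, upgrade_target): status is 'affected', 'fixed' or 'not-affected'.

    For an affected build the target is the nearest release the advisory lists as fixed:
    the in-branch fix where one exists, otherwise the lowest fixed release of a later branch."""
    major, minor, patch = parse_version(version)
    branches = ADVISORY[product]
    if (major, minor) not in branches:
        return ("not-affected", None)
    fixed_patch = branches[(major, minor)]
    if fixed_patch is not None:
        if patch >= fixed_patch:
            return ("fixed", None)
        return ("affected", f"{major}.{minor}.{fixed_patch}")
    # "All versions" branch: pick the smallest fixed release in a higher branch (6.4.8 here).
    later = [(mj, mn, fp) for (mj, mn), fp in branches.items()
             if fp is not None and (mj, mn) > (major, minor)]
    tgt = min(later)
    return ("affected", f"{tgt[0]}.{tgt[1]}.{tgt[2]}")

def triage(inventory):
    """Assess a list of (hostname, product, version) tuples; returns one result dict per host."""
    return [dict(host=h, product=p, version=v, status=s, upgrade_to=t)
            for h, p, v in inventory for s, t in [assess(p, v)]]

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [("faz-01", "FortiAnalyzer", "7.0.3"), ("faz-02", "FortiAnalyzer", "6.2.11"),
              ("fmg-01", "FortiManager", "7.0.4"), ("fmg-02", "FortiManager", "7.2.0")]
    for row in triage(sample):
        print(row)
```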
Acknowledgement
Internally discovered and reported by Théo Leleu of Fortinet Product Security team.
Timeline
2022-07-05: Initial publication