Mathieu Dessus

**Name of the Vulnerable Software and Affected Versions** FortiGate versions prior to 3.0 MR1 **Description** The issue allows remote attackers to bypass the Fortinet FTP anti-virus engine. This can be achieved by sending a STOR command and uploading a file before the FTP server response has been sent. An example of this exploit has been demonstrated using LFTP. **Recommendations** For versions prior to 3.0 MR1, update to version 3.0 MR1 or later to resolve the issue. As a temporary workaround, consider restricting access to the FTP component until a patch is available. Avoid using the FTP component for uploading files until the issue is resolved.