PT-2022-6547 · Fortinet · FortiADC, FortiDDoS, FortiDDoS-F

Published: 2022-09-14 · Updated: 2023-04-18 · CVE-2022-40679

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FortiADC versions 5.x through 7.1.0
FortiDDoS versions 4.x through 5.6
FortiDDoS-F versions 6.1.0 through 6.4.0

Description

The issue is an improper neutralization of special elements used in an OS command (OS command injection). An authenticated attacker can execute unauthorized commands by passing specially crafted arguments to existing commands. This could potentially enable a remote attacker to execute arbitrary commands.

Recommendations

For FortiADC versions 5.x through 7.1.0, update to a version that includes a fix for this issue.
For FortiDDoS versions 4.x through 5.6, update to a version that includes a fix for this issue.
For FortiDDoS-F versions 6.1.0 through 6.4.0, update to a version that includes a fix for this issue.

As a temporary workaround, consider restricting access to the existing commands and validating any arguments passed to them to minimize the risk of exploitation.
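The weakness class behind this advisory is the same in any product: an argument supplied by a user is spliced into a command string that a shell then parses, so shell metacharacters in the argument change which command runs. The following is an added, generic illustration written for this page; it is not Fortinet code and says nothing about how the affected CLI is implemented. The `ping`-style command, the hostname allowlist pattern and the sample inputs are all constructed assumptions. It shows the unsafe string-building pattern beside the two mitigations the recommendation text points at: validating arguments against a strict allowlist, and invoking the program with an argument vector so no shell ever interprets the argument.

```python
import re
import subprocess

# Constructed allowlist: letters, digits, dots and hyphens only, as a hostname
# or IPv4 literal would need. Anything else (space, ';', '|', '$', backtick,
# newline, ...) is rejected before it can reach a command.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def build_shell_command_unsafe(host: str) -> str:
    """Unsafe pattern (CWE-78): the argument is interpolated into a string that
    is later handed to a shell. The returned string is only built here, never
    executed, so the example can show how injected text survives intact."""
    return f"ping -c 1 {host}"


def validate_hostname(host: str) -> bool:
    """Allowlist validation of a single argument. Returns True only when every
    character is one the hypothetical command legitimately needs."""
    return bool(HOSTNAME_RE.match(host))


def build_argv(host: str) -> list[str]:
    """Hardened construction: validate first, then return an argument vector.
    Each list element is passed to the program as one literal argv entry, so
    metacharacters are never parsed by a shell even if validation changes."""
    if not validate_hostname(host):
        raise ValueError(f"rejected argument: {host!r}")
    return ["ping", "-c", "1", host]


def run_literal(arg: str) -> str:
    """Executes a harmless program without a shell (argv list, shell=False)
    and returns what the program actually received, demonstrating that the
    argument arrives as one literal word. Uses printf so no interpretation
    of the argument happens on the receiving side either."""
    completed = subprocess.run(
        ["printf", "%s", arg], capture_output=True, text=True, check=True
    )
    return completed.stdout


if __name__ == "__main__":
    # Constructed sample inputs: one benign, one carrying shell metacharacters.
    for sample in ("192.0.2.10", "192.0.2.10; id"):
        print("unsafe string  :", build_shell_command_unsafe(sample))
        print("allowlist check:", validate_hostname(sample))
        try:
            print("argv           :", build_argv(sample))
        except ValueError as exc:
            print("argv           : blocked ->", exc)
        print("received as    :", repr(run_literal(sample)))
        print()
```

The detection angle for an operator is the same allowlist turned around: command-history or audit-log entries whose arguments contain characters outside the expected set are worth alerting on, independent of whether the underlying parser was vulnerable.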

Fix

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2023-02294
CVE-2022-40679

Affected Products

FortiADC
FortiDDoS
FortiDDoS-F