CVE-2023-26210

Name of the Vulnerable Software and Affected Versions FortiADC Manager versions prior to 7.1.0 FortiADC versions 7.0.0 through 7.1.2 FortiADC version 7.2.0

Description The issue is related to the improper neutralization of special elements used in an operating system command, which can be exploited to execute arbitrary shell code with root privileges. This can be achieved via crafted CLI requests. A local authenticated attacker can exploit this issue.

Recommendations For FortiADC Manager versions prior to 7.1.0, update to version 7.1.0 or later. For FortiADC versions 7.0.0 through 7.1.2, update to version 7.1.2 or later. For FortiADC version 7.2.0, update to a version later than 7.2.0. As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation.