Multiple Vulnerabilities in Fortinet Products

Languages: English. Risk Level: High.

Components Affected

  • FortiClientEMS 6.0 all versions
  • FortiClientEMS 6.2 all versions
  • FortiClientEMS 6.4 all versions
  • FortiClientEMS version 7.0.0 through 7.0.10
  • FortiClientEMS version 7.2.0 through 7.2.2
  • FortiOS version 6.2.0 through 6.2.15
  • FortiOS version 6.4.0 through 6.4.14
  • FortiOS version 7.0.0 through 7.0.12
  • FortiOS version 7.0.1 through 7.0.13
  • FortiOS version 7.2.0 through 7.2.6
  • FortiOS version 7.4.0 through 7.4.1
  • FortiProxy version 2.0.0 through 2.0.13
  • FortiProxy version 7.0.0 through 7.0.14
  • FortiProxy version 7.2.0 through 7.2.8
  • FortiProxy version 7.4.0 through 7.4.2


Multiple vulnerabilities were identified in Fortinet Products, where a remote attacker could exploit some of these vulnerabilities to trigger remote code execution, elevation of privilege and security restriction bypass on the targeted system.


Multiple vulnerabilities have been discovered in various Fortinet products, posing a significant security risk.

  • An improper neutralization of special elements used in SQL Injection vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests.
  • An improper neutralization of formula elements in a CSV File vulnerability [CWE- 1236] may allow a remote and unauthenticated attacker to execute arbitrary commands on the admin workstation via creating malicious log entries with crafted requests to the server.
  • An improper authentication vulnerability [CWE-287] in FortiOS when configured with FortiAuthenticator in HA may allow an authenticated attacker with at least read- only permission to gain read-write access via successive login attempts.
  • An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS and FortiProxy SSLVPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation.
  • An out-of-bounds write vulnerability [CWE-787] and a Stack-based Buffer Overflow [CWE-121] in FortiOS & FortiProxy captive portal may allow an inside attacker who has access to captive portal to execute arbitrary code or commands via specially crafted HTTP requests.


  • Security Restriction Bypass
  • Remote Code Execution
  • Elevation of Privilege

Solution/ Workarounds

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:



The information provided herein is on an “as is” basis, without warranty of any kind.