This week, Fortinet released its monthly batch of security patches, which fix nine defects across several products, including two critical flaws in FortiADC, FortiOS, and FortiProxy. The most serious of these problems, which affect the FortiADC application delivery controller, is tracked as CVE-2023-27999 and is defined as “an improper neutralisation of special elements used in an OS command vulnerability.”
A malicious party could use forged parameters to existing commands to exploit the flaw and execute unauthorised commands. To take advantage of the vulnerability, the attacker must be authenticated. FortiADC versions 7.2.1 and 7.1.2 address the problem, which affects versions 7.2.0, 7.1.1, and 7.1.0 of the software.