Fortinet FortiExtender could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
Fortinet FortiOS and Fortinet FortiProxy are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By sending specially crafted packets, a remote attacker could overflow a buffer and execute arbitrary code or commands on the system.
Refer to FortiGuard Advisory for patch, upgrade or suggested workaround information.