Fortinet’s web application firewall (WAF) platform, known as FortiWeb, has been discovered to have an unpatched OS command-injection security vulnerability. It may allow for privilege escalation and complete device control. FortiWeb is a cybersecurity defense platform designed to protect mission-critical web applications from known and unknown vulnerabilities. According to Fortinet, the firewall has been used to keep up with the deployment of new or updated features, as well as the addition of new online APIs.
Fortinet has released critical patches to address vulnerabilities in multiple products. Users and administrators are encouraged to apply the necessary updates.
To upgrade to the latest patches and security updates, visit the vendor website