Fortinet delays patching zero-day allowing remote server takeover

Correlate

Fortinet has delayed patching a zero-day command injection vulnerability found in the FortiWeb web application firewall (WAF) until the end of August.

Successful exploitation can let authenticated attackers execute arbitrary commands as the root user on the underlying system via the SAML server configuration page.