
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN018
_____________________________________________________________________

DATE                : 12/01/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running FortiDeceptor versions
                             prior to 3.2.0, 3.1.1, 3.0.2.

=====================================================================
https://www.fortiguard.com/psirt/FG-IR-20-177
_____________________________________________________________________

IR Number        FG-IR-20-177
Date             Jan 04, 2021
CVSSv3 Score     8.1
Impact           Execute unauthorized code or commands
CVE ID           CVE-2020-29017



FortiDeceptor is impacted by an OS command injection vulnerability

Summary

An OS command injection vulnerability in the Customization page of
FortiDeceptor may allow a remote authenticated attacker to execute
arbitrary commands on the system.


Impact

Execute unauthorized code or commands


Affected Products

FortiDeceptor versions 3.1.0 and below.
FortiDeceptor versions 3.0.1 and below.


Solutions

Please upgrade to FortiDeceptor versions 3.2.0 or above.
Please upgrade to FortiDeceptor versions 3.1.1 or above.
Please upgrade to FortiDeceptor versions 3.0.2 or above.
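
The affected and fixed versions listed above can be checked against a
deployment inventory as follows. This is an added example, not part of
the advisory or of any Fortinet tooling. The function names, the sample
hostnames and the treatment of releases older than 3.0 as affected
(read from "3.0.1 and below") are assumptions.

```python
import re

# First fixed release per branch, from the "Solutions" section of the advisory.
FIXED = {(3, 0): (3, 0, 2), (3, 1): (3, 1, 1), (3, 2): (3, 2, 0)}
OLDEST_FIXED = min(FIXED.values())  # (3, 0, 2)


def parse_version(text):
    """Turn '3.1.0', 'v3.1.0' or '3.1' into a (major, minor, patch) tuple."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def triage(version_text):
    """Return (affected, minimum_fixed_version_or_None) for one version."""
    ver = parse_version(version_text)
    branch = ver[:2]
    if branch in FIXED:
        fixed = FIXED[branch]
        return (ver < fixed, fixed if ver < fixed else None)
    if ver < OLDEST_FIXED:
        # Assumption: branches older than 3.0 fall under "3.0.1 and below".
        return (True, OLDEST_FIXED)
    # Newer than every listed branch, so at or above 3.2.0: not affected.
    return (False, None)


def report(inventory):
    """Map hostname -> finding for a {hostname: version string} dict."""
    findings = {}
    for host, version_text in inventory.items():
        try:
            affected, fixed = triage(version_text)
        except ValueError as exc:
            findings[host] = f"UNKNOWN ({exc})"
            continue
        if affected:
            findings[host] = "AFFECTED, upgrade to %d.%d.%d or above" % fixed
        else:
            findings[host] = "not affected"
    return findings


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {"fdc-lab-01": "3.0.1", "fdc-lab-02": "v3.1.1",
          "fdc-lab-03": "2.1.0", "fdc-lab-04": "3.2"}

if __name__ == "__main__":
    for host, finding in report(SAMPLE).items():
        print(f"{host}: {finding}")
```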


Acknowledgement

Fortinet is pleased to thank Chua Wei Kiat for finding and reporting
this issue.

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


