Multiple improper neutralization of special elements used in an OS Command (βOS Command Injectionβ) vulnerabilities [CWE-78] in Console, Telnet, and SSH login components of FortiTester may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.