FortiOS local privilege escalation via malicious use of USB storage devices

An admin user with superadmin privileges can execute an arbitrary binary contained on an USB drive plugged to a FortiGate, via linking the aforementioned binary to a command that is allowed to be run by the fnsysctl CLI command...

SSL VPN Web Portal user credentials may be leaked to super_admins

An admin user with superadmin privileges i.e. with a superadmin profile may view the current sslvpn web portal session info, using the fnsysctl CLI command. This info includes user credentials...