Multiple Vulnerabilities in Fortinet Products Could Allow for Arbitrary Code Execution
ID: b8689d55-ebfd-5f43-86b7-1f24e2235009
STIX ID: report--b8689d55-ebfd-5f43-86b7-1f24e2235009
Feed Name: CISecurity.org Advisories
Multiple vulnerabilities affecting a range of Fortinet products (FortiAnalyzer, FortiSandbox, FortiClientEMS, FortiDDoS-F, FortiSOAR, FortiWeb, FortiOS, FortiManager, FortiNDR, FortiVoice, and others) have been disclosed, including several high-severity issues — notably unauthenticated heap-based buffer overflow and OS command injection leading to potential arbitrary code execution — alongside numerous lower-severity flaws (SQL injection, path traversal, XSS, insecure credential/storage issues). Successful exploitation of the most severe vulnerabilities could allow attackers to run code as service accounts, potentially leading to program installation, data access/modification, or account creation depending on privileges.
