shell command limitation bypass by SSH local config overriding

Monitor · CVSS 5.1 · FG-IR-26-085 · Mar 10, 2026
Vendor: Fortinet
IT in OT - Fortinet products are commonly deployed at IT/OT network boundaries
Attack path
  Attack Vector: Local
  Auth Required: Low
  Complexity: Low
  User Interaction: None needed
Summary

FortiSwitchAX devices with firmware versions 1.0.0 through 1.0.1 contain a vulnerability in the CLI module where authenticated administrators can bypass command limitations and filtering by modifying SSH local configuration settings. This allows execution of restricted commands that should be prevented by the device's security policies.

What this means
What could happen
An authenticated administrator could bypass command restrictions on FortiSwitchAX devices by overriding SSH configuration, potentially executing restricted commands that could disrupt network operation or allow unauthorized access to the switch.
Who's at risk
Network switch administrators and operators managing Fortinet FortiSwitchAX devices. Affects organizations using FortiSwitchAX in network switching and convergence applications where command restrictions are relied upon for security policies.
How it could be exploited
An authenticated admin user with local or SSH access modifies SSH local config settings to override the CLI module's command filtering. This allows them to execute commands that should be restricted by the device's security policies.
Prerequisites
  • Administrator or elevated user credentials on the FortiSwitchAX device
  • SSH access to the device or local console access
  • Ability to modify SSH configuration files
Requires valid administrator credentials · Low attack complexity · Local attack vector
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
  Product         Affected Versions   Fix Status
  FortiSwitchAX   1.0.0 - 1.0.1       Fixed in 1.0.2+
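To turn the affected-version row above into an inventory check, here is an added example script (not OTPulse or Fortinet code) that parses a firmware version string, tests it against the 1.0.0 - 1.0.1 affected range and the 1.0.2+ fixed range, and triages a constructed inventory list. The hostnames, the inventory format and the assumption that FortiSwitchAX reports a three-part version (optionally prefixed with "v" or followed by a build string) are all illustrative assumptions.

```python
"""Triage FortiSwitchAX firmware versions against FG-IR-26-085.

Added example, not code from OTPulse or Fortinet. Version ranges come from
the advisory: affected 1.0.0 through 1.0.1, fixed in 1.0.2 and later.
"""
import re
from typing import Dict, List, Tuple

AFFECTED_MIN = (1, 0, 0)   # first affected release (from the advisory)
AFFECTED_MAX = (1, 0, 1)   # last affected release (from the advisory)
FIXED_FROM = (1, 0, 2)     # first fixed release (from the advisory)

# Assumption: a version string starts with major.minor.patch, optionally
# prefixed with "v" and followed by build information we ignore.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch) or raise ValueError if unparseable."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True if the firmware falls inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def classify(product: str, version: str) -> str:
    """Classify one device: affected, fixed, not applicable, or unknown."""
    if product != "FortiSwitchAX":
        return "not applicable"       # advisory covers FortiSwitchAX only
    try:
        parsed = parse_version(version)
    except ValueError:
        return "unknown version"      # needs manual confirmation
    if AFFECTED_MIN <= parsed <= AFFECTED_MAX:
        return "affected"
    if parsed >= FIXED_FROM:
        return "fixed"
    return "outside advisory range"   # older than 1.0.0; not listed as affected


def triage(inventory: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Annotate each inventory row with its FG-IR-26-085 status."""
    return [
        {**row, "status": classify(row["product"], row["version"])}
        for row in inventory
    ]


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    {"host": "sw-core-01", "product": "FortiSwitchAX", "version": "1.0.0"},
    {"host": "sw-edge-07", "product": "FortiSwitchAX", "version": "v1.0.1 build 0031"},
    {"host": "sw-edge-09", "product": "FortiSwitchAX", "version": "1.0.2"},
    {"host": "fw-dmz-01", "product": "FortiGate", "version": "7.4.3"},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(f"{row['host']:<12} {row['product']:<14} {row['version']:<18} {row['status']}")
```

Rows marked "affected" are the ones to schedule for the 1.0.2+ update; until that window, the advisory's workaround of disabling SSH where only local management is needed applies to exactly those hosts.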
Remediation & Mitigation
Do now
WORKAROUND: Disable SSH access to FortiSwitchAX devices if only local management is needed
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update FortiSwitchAX to firmware version 1.0.2 or later
Long-term hardening
HARDENING: Restrict SSH and console access to FortiSwitchAX devices to authorized administrators only, via network segmentation or firewall rules
API: /api/v1/advisories/b94eebcd-46ba-4e85-8329-67a1ab112a0a

shell command limitation bypass by SSH local config overriding | CVSS 5.1 - OTPulse