Home
MEDIUM: 6.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CDefault status
unaffected
7.6.0 (semver)
affected
7.4.0 (semver)
affected
7.2.0 (semver)
affected
7.0.0 (semver)
affected
6.4.3 (semver)
affected
Default status
unaffected
7.4.0 (semver)
affected
7.2.0 (semver)
affected
7.0.0 (semver)
affected
Default status
unaffected
7.0.0 (semver)
affected
6.2.0 (semver)
affected
Description
An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.
Problem types
Execute unauthorized code or commands
Product status
7.6.0 (semver)
7.4.0 (semver)
7.2.0 (semver)
7.0.0 (semver)
6.4.3 (semver)
7.4.0 (semver)
7.2.0 (semver)
7.0.0 (semver)
7.0.0 (semver)
6.2.0 (semver)
References
fortiguard.fortinet.com/psirt/FG-IR-26-131