An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
oryginał ENCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HFortinet Fortiap
APPFortinet7.2.06.4.3 – 6.4.8 (bez)7.0.0 – 7.0.4 (bez)6.0.0 – 6.0.6Fortinet Fortiap S
APPFortinet6.0.0 – 6.0.66.2.0 – 6.2.66.4.0 – 6.4.8 (bez)Fortinet Fortiap U
APPFortinet5.4.0 – 5.4.66.0.0 – 6.0.46.2.0 – 6.2.4 (bez)Fortinet Fortiap W2
APPFortinet7.2.06.0.0 – 6.0.66.2.0 – 6.2.66.4.0 – 6.4.8 (bez)7.0.0 – 7.0.4 (bez)
Powiązane podatności
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command li...
A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 throu...
An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 ...
An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, Fort...
An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [C...