Command Injection Vulnerability in Fortinet FortiAP Products
CVE-2019-15708
6.7MEDIUM
Key Information:
- Vendor
Fortinet
- Vendor
- CVE Published:
- 15 March 2020
What is CVE-2019-15708?
A command injection vulnerability exists in Fortinet's FortiAP products, specifically within the CLI admin console. This issue allows unauthorized administrators to execute arbitrary system-level commands through specially crafted ifconfig commands. Affected versions include FortiAP-S/W2 6.2.1, 6.2.0, FortiAP 6.0.5 and earlier, as well as FortiAP-U versions below 6.0.0. Organizations using these products are advised to take immediate action to mitigate risks.
Affected Version(s)
Fortinet FortiAP below 6.0.0
Fortinet FortiAP-S/W2 6.2.1
Fortinet FortiAP-S/W2 6.2.0