CVE-2019-15708

6.7MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortiap-s/w2; Fortinet Fortiap-u; Fortinet Fortiap
Vendor: CVE Published:; 15 March 2020

Summary

A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.

Affected Version(s)

Fortinet FortiAP below 6.0.0

Fortinet FortiAP-S/W2 6.2.1

Fortinet FortiAP-S/W2 6.2.0

References

https://fortiguard.com/psirt/FG-IR-19-209

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 15, 2020
Vulnerability Reserved
Aug 27, 2019