Command Injection Vulnerability in Fortinet FortiAP Products
CVE-2019-15708

6.7MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortiap-s/w2; Fortinet Fortiap-u; Fortinet Fortiap
Vendor: CVE Published:; 15 March 2020

Summary

A command injection vulnerability exists in Fortinet's FortiAP products, specifically within the CLI admin console. This issue allows unauthorized administrators to execute arbitrary system-level commands through specially crafted ifconfig commands. Affected versions include FortiAP-S/W2 6.2.1, 6.2.0, FortiAP 6.0.5 and earlier, as well as FortiAP-U versions below 6.0.0. Organizations using these products are advised to take immediate action to mitigate risks.

Affected Version(s)

Fortinet FortiAP below 6.0.0

Fortinet FortiAP-S/W2 6.2.1

Fortinet FortiAP-S/W2 6.2.0

References

https://fortiguard.com/psirt/FG-IR-19-209

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 15, 2020
Vulnerability Reserved
Aug 27, 2019