CVE-2021-26106

7.8HIGH

Key Information:

Vendor
Fortinet
Status
Fortinet Fortiap-w2, Fortiap-s, Fortiap
Vendor
CVE Published:
9 July 2021

Summary

An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments.

Affected Version(s)

Fortinet FortiAP-W2, FortiAP-S, FortiAP FortiAP-W2 6.2.4 through 6.2.5; FortiAP-S 6.2.4 through 6.2.5; FortiAP 6.4.1 through 6.4.5

References

https://fortiguard.com/advisory/FG-IR-20-210
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.