OS Command Injection Vulnerability in FortiAP Products
CVE-2021-26106

7.8HIGH

Key Information:

Vendor: Fortinet
Status: Fortinet Fortiap-w2, Fortiap-s, Fortiap
Vendor: CVE Published:; 9 July 2021

Summary

An OS command injection flaw exists in FortiAP devices, where an authenticated user can exploit specific crafted arguments to run unauthorized commands via the kdbg CLI command. This vulnerability can potentially lead to unauthorized system manipulation, emphasizing the importance of applying security updates to affected FortiAP versions.

Affected Version(s)

Fortinet FortiAP-W2, FortiAP-S, FortiAP FortiAP-W2 6.2.4 through 6.2.5; FortiAP-S 6.2.4 through 6.2.5; FortiAP 6.4.1 through 6.4.5

References

https://fortiguard.com/advisory/FG-IR-20-210

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2021
Vulnerability Reserved
Jan 25, 2021