Incomplete Filtering Vulnerability in Fortinet FortiAP Products
CVE-2023-25608

5.2 MEDIUM

Key Information:

Vendor: Fortinet
CVE Published: 13 September 2023

Summary

Fortinet's FortiAP series, including various versions of FortiAP-W2, FortiAP-C, and FortiAP-U, is susceptible to an incomplete filtering vulnerability. This flaw allows an authenticated attacker to exploit the command line interpreter, potentially gaining unauthorized access to sensitive files through specially crafted command arguments. Administrators should patch affected versions to protect their networks against this attack vector.

Affected Version(s)

FortiAP 7.2.0 <= 7.2.1

FortiAP 7.0.0 <= 7.0.5

FortiAP 6.4.3 <= 6.4.9

CVSS V3.1

Score: 5.2
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
