CVE-2023-36634

6.5MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiap-u
Vendor: CVE Published:; 13 September 2023

Summary

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments.

Affected Version(s)

FortiAP-U 7.0.0

FortiAP-U 6.2.0 <= 6.2.5

FortiAP-U 6.0.0 <= 6.0.4

References

https://fortiguard.com/psirt/FG-IR-23-123

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 13, 2023
Vulnerability Reserved
Jun 25, 2023