At a glance:
| IR Number | FG-IR-19-298 |
| Date | Feb 10, 2020 |
| Risk | 
|
| Impact | Improper Input Validation |
| CVE ID | CVE-2019-15709 |
| Affected Products |
FortiAP: 5.6, 6.0, 6.2
|
| CVRF | Download |
Refine Search
PSIRT Advisory
FortiAP system files overwrite via the tcpdump CLI command
Summary
An improper input validation (CWE-20) vulnerability in FortiAP CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.
Impact
Improper Input Validation
Affected Products
FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below
FortiAP-U 6.0.1 and below
FortiAP is not impacted
FortiAP-C is not impacted
Solutions
Upgrade to FortiAP-S/W2 6.0.6 or 6.2.3 and above
Upgrade to FortiAP-U 6.0.2 or above
Revision History:
02-10-2020 Initial version
05-25-2020 Added FAP, FAP-U and FAP-C impact info.
Acknowledgement
Fortinet is pleased to thank “NYC Cyber Command” for reporting this vulnerability under responsible disclosure.