FortiWLC-SD Privilege escalation vulnerability using copy running-config

Summary

The lack of input sanitisation for CLI command 'copy running-config' allows a user with 'admin' or 'superuser' privilege level to gain shell on the FortiWLC-SD with root privilege.

Affected Products

FortiWLC-SD versions 8.2.4 and below

Solutions

Upgrade to FortiWLC-SD version 8.3.0

Acknowledgement

Fortinet is pleased to thank Tom Scholten of SolidBE for reporting this vulnerability under responsible disclosure