FortiWLC-SD Privilege escalation vulnerability using copy running-config
Summary
The lack of input sanitisation for the CLI command 'copy running-config' allows a user with 'admin' or 'superuser' privilege level to gain a shell on the FortiWLC-SD with root privilege.
Affected Products
FortiWLC-SD versions 8.2.4 and below
Solutions
Upgrade to FortiWLC-SD version 8.3.0
Acknowledgement
Fortinet is pleased to thank Tom Scholten of SolidBE for reporting this vulnerability under responsible disclosure.