FortiAP system command injection through ifconfig command

Summary

A system command injection vulnerability in the FortiAP CLI admin console may allow unauthorized administrators to run arbitrary system-level commands via specially crafted ifconfig commands.

Affected Products

FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below
FortiAP 6.0.5 and below
FortiAP-U all versions below 6.0.0

Solutions

Upgrade to FortiAP-S/W2 6.0.6 or 6.2.2
Upgrade to FortiAP 6.0.6
Upgrade to FortiAP-U 6.0.0

Acknowledgement

Fortinet is pleased to thank "NYC Cyber Command" for reporting this vulnerability under responsible disclosure.