| IR Number | FG-IR-19-209 |
| Date | Feb 10, 2020 |
| Risk |
|
| Impact | system command injection |
| CVE ID | CVE-2019-15708 |
| Affected Products |
FortiAP-U: 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.0
FortiAP-S: 6.2.1, 6.2.0, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.4, 5.4.3
FortiAP: 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.3, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.11, 5.0.10, 5.0.1, 5.0.0
FortiAP-W2: 6.2.1, 6.2.0, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiAP system command injection through ifconfig command
Summary
A system command injection vulnerability in the FortiAP CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.
Affected Products
FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below
FortiAP 6.0.5 and below
FortiAP-U all versions below 6.0.0
Solutions
Upgrade to FortiAP-S/W2 6.0.6 or 6.2.2
Upgrade to FortiAP 6.0.6
Upgrade to FortiAP-U 6.0.0
Acknowledgement
Fortinet is pleased to thank "NYC Cyber Command" for reporting this vulnerability under responsible disclosure.