PSIRT Advisory
FortiAP system command injection through ifconfig command
Summary
A system command injection vulnerability in the FortiAP CLI admin console may allow unauthorized administrators to run arbitrary system-level commands via specially crafted ifconfig commands.
Impact
System command injection
Affected Products
FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below
FortiAP 6.0.5 and below
FortiAP-U all versions below 6.0.0
Solutions
Upgrade to FortiAP-S/W2 6.0.6 or 6.2.2
Upgrade to FortiAP 6.0.6
Upgrade to FortiAP-U 6.0.0
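A fleet-triage check built from the Affected Products and Solutions lists above, as an added example that is not part of the Fortinet advisory. The inventory rows, hostnames and function names are constructed for illustration; a version the advisory does not list is reported as "not-listed" and is not claimed to be safe.

```python
import re

# Affected ranges and fix targets transcribed from the advisory text above.
# Versions are compared as integer tuples so that 6.0.10 sorts after 6.0.5.
ADVISORY = {
    "FortiAP-S/W2": (lambda v: v <= (6, 0, 5) or v in {(6, 2, 0), (6, 2, 1)},
                     "6.0.6 or 6.2.2"),
    "FortiAP": (lambda v: v <= (6, 0, 5), "6.0.6"),
    "FortiAP-U": (lambda v: v < (6, 0, 0), "6.0.0"),
}

# Constructed inventory rows: (hostname, product family, reported firmware).
SAMPLE_INVENTORY = [
    ("ap-lobby-01", "FortiAP-S/W2", "6.2.1"),
    ("ap-lab-02", "FortiAP-S/W2", "6.2.2"),
    ("ap-floor3-07", "FortiAP", "v6.0.10"),
    ("ap-warehouse-04", "FortiAP-U", "5.4.6"),
    ("ap-legacy-09", "FortiAP", "build0234"),
]

def parse_version(text):
    """Turn 'v6.0.5' or '6.0.5' into (6, 0, 5); reject anything else."""
    match = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())

def triage(inventory):
    """Return (host, status, fix) per row; fix is set only when affected."""
    findings = []
    for host, product, version in inventory:
        rule = ADVISORY.get(product)
        if rule is None:
            findings.append((host, "unknown-product", None))
            continue
        try:
            parsed = parse_version(version)
        except ValueError:
            # Do not guess: an unparsed version needs manual review.
            findings.append((host, "unparsed-version", None))
            continue
        is_affected, fix = rule
        hit = is_affected(parsed)
        findings.append((host, "affected" if hit else "not-listed",
                         fix if hit else None))
    return findings

if __name__ == "__main__":
    for host, status, fix in triage(SAMPLE_INVENTORY):
        print(f"{host:16} {status:17} {'upgrade to ' + fix if fix else ''}")
```

Rows flagged "unparsed-version" or "unknown-product" should be reviewed by hand instead of being treated as unaffected.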
Acknowledgement
Fortinet is pleased to thank "NYC Cyber Command" for reporting this vulnerability under responsible disclosure.