PSIRT Advisories
FortiAP system command injection through ifconfig command
Summary
A system command injection vulnerability in the FortiAP CLI admin console may allow unauthorized administrators to run arbitrary system-level commands via specially crafted ifconfig commands.
Affected Products
FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below
FortiAP 6.0.5 and below
FortiAP-U all versions below 6.0.0
Solutions
Upgrade to FortiAP-S/W2 6.0.6 or 6.2.2
Upgrade to FortiAP 6.0.6
Upgrade to FortiAP-U 6.0.0
Acknowledgement
Fortinet is pleased to thank "NYC Cyber Command" for reporting this vulnerability under responsible disclosure.