FortiWLC - Improper authenticated access control


An improper access control vulnerability [CWE-284] in FortiWLC may allow a remote, authenticated attacker with low privileges to execute any command as an admin user with full access rights by bypassing the GUI restrictions.

Affected Products

FortiWLC versions 8.6.1 and below.
FortiWLC versions 8.5.x.
FortiWLC versions 8.4.x.
FortiWLC versions 8.3.x.
FortiWLC versions 8.2.x.
FortiWLC versions 8.1.x.
FortiWLC versions 8.0.x.


Please upgrade to FortiWLC version 8.6.2 or above. 


Fortinet is pleased to thank the customer who reported this vulnerability under responsible disclosure.