FortiAP-C - Command injection in CLI


An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments.

Affected Products

FortiAP-C version 5.4.0 through 5.4.3


Please upgrade to FortiAP-C 5.4.4 or above.


Fortinet is pleased to thank Esdras DAGO - chackal (@Chackal__ on twitter) for reporting this under responsible disclosure.