CVE-2017-7341 AP script download path traveral and OS cmd injection vulnerability Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-17-119 Final 1 1 2017-10-13T00:00:00 Current version 2017-10-13T00:00:00 2017-10-13T00:00:00 The FortiWLC file management AP script download webUI page is affected by an OS Command Injection vulnerability which may allow an authenticated admin user to execute arbitrary system console commands, and possibly subsequently "root" the device. Execute unauthorized code or commands FortiWLC 6.1-2 -> 6.1-5FortiWLC 7.0-7 -> 7.0-10FortiWLC 8.0 -> 8.2FortiWLC 8.3.0 -> 8.3.2 For FortiWLC 7.x branch, upgrade to 7.0.11 or newer versions.For FortiWLC 8.x branch, upgrade to 8.3.3 or newer versions. Fortinet is pleased to thank Tom Scholten, SOLIDBE B.V. for reporting this vulnerability under responsible disclosure. CVE-2017-7341 0 https://fortiguard.fortinet.com/psirt/FG-IR-17-119 CVE-2017-7341 AP script download path traveral and OS cmd injection vulnerability Reference>