Command injection in CLI Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-163 Final 1 1 2022-09-06T00:00:00 Current version 2022-09-06T00:00:00 2022-09-06T00:00:00 An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP, FortiAP-S, FortiAP-W2 and FortiAP-U may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. None Execute unauthorized code or commands FortiAP-U version 5.4 all versionsFortiAP-U version 6.0 all versionsFortiAP-U version 6.2.0 through 6.2.3FortiAP-W2 version 6.0 all versionsFortiAP-W2 version 6.2 all versionsFortiAP-W2 version 6.4.0 through 6.4.7FortiAP-W2 version 7.0.0 through 7.0.3FortiAP-W2 version 7.2.0FortiAP-S version 6.0 all versionsFortiAP-S version 6.2 all versionsFortiAP-S version 6.4.0 through 6.4.7FortiAP version 6.0 all versionsFortiAP version 6.4.3 through 6.4.7FortiAP version 7.0.0 through 7.0.3FortiAP version 7.2.0 Please upgrade to FortiAP 7.2.1 or above.Please upgrade to FortiAP 7.0.4 or above.Please upgrade to FortiAP 6.4.8 or above.Please upgrade to FortiAP-W2 7.2.1 or above.Please upgrade to FortiAP-W2 7.0.4 or above.Please upgrade to FortiAP-W2 6.4.8 or above.Please upgrade to FortiAP-S 6.4.8 or above.Please upgrade to FortiAP-U 6.2.4 or above. Internally discovered and reported by Wilfried Djettchou of Fortinet Product Security team. CVE-2022-29058 7.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-163 Command injection in CLI Reference>