FortiAP-C - Command injection in CLI
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-21-227
Final
1
1
2022-03-01T00:00:00
Current version
2022-03-01T00:00:00
2022-03-01T00:00:00
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments.
None
Execute unauthorized code or commands
FortiAP-C version 5.4.0 through 5.4.3
Please upgrade to FortiAP-C 5.4.4 or above.
Fortinet is pleased to thank Esdras DAGO - chackal (@Chackal__ on Twitter) for reporting this under responsible disclosure.
FortiAP-C 5.4.3
FortiAP-C 5.4.2
FortiAP-C 5.4.1
FortiAP-C 5.4.0
FortiAP-C 5.2.1
FortiAP-C 5.2.0
CVE-2022-22301
FortiAP-C-5.4.3
FortiAP-C-5.4.2
FortiAP-C-5.4.1
FortiAP-C-5.4.0
FortiAP-C-5.2.1
FortiAP-C-5.2.0
7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:R
https://fortiguard.fortinet.com/psirt/FG-IR-21-227