Arbitrary file listing and deletion through the CLI

Arbitrary file listing and deletion through the CLI Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-23-123 Final 1 1 2023-09-13T00:00:00 Current version 2023-09-13T00:00:00 2023-09-13T00:00:00 An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments. None Improper access control Internally discovered and reported by Wilfried Djettchou of Fortinet Product Security team. FortiAP-U 7.0.0 FortiAP-U 6.2.5 FortiAP-U 6.2.4 FortiAP-U 6.2.3 FortiAP-U 6.2.2 FortiAP-U 6.2.1 FortiAP-U 6.2.0 FortiAP-U 6.0.4 FortiAP-U 6.0.3 FortiAP-U 6.0.2 FortiAP-U 6.0.1 FortiAP-U 6.0.0 FortiAP-U 5.4.6 FortiAP-U 5.4.5 FortiAP-U 5.4.4 FortiAP-U 5.4.3 FortiAP-U 5.4.0 Arbitrary file listing and deletion through the CLI CVE-2023-36634 FortiAP-U-7.0.0 FortiAP-U-6.2.5 FortiAP-U-6.2.4 FortiAP-U-6.2.3 FortiAP-U-6.2.2 FortiAP-U-6.2.1 FortiAP-U-6.2.0 FortiAP-U-6.0.4 FortiAP-U-6.0.3 FortiAP-U-6.0.2 FortiAP-U-6.0.1 FortiAP-U-6.0.0 FortiAP-U-5.4.6 FortiAP-U-5.4.5 FortiAP-U-5.4.4 FortiAP-U-5.4.3 FortiAP-U-5.4.0 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:X/RC:R https://fortiguard.fortinet.com/psirt/FG-IR-23-123 Arbitrary file listing and deletion through the CLI Reference>