PSIRT

FortiWLC-SD Privilege escalation vulnerability (root access) using copy running-config

Summary

The lack of input sanitisation for CLI command 'copy running-config' allows a user with 'admin' or 'superuser' privilege level to gain shell on the FortiWLC-SD with root privilege.

Affected Products

FortiWLC-SD versions 8.2.4 and below

Solutions

Upgrade to FortiWLC-SD version 8.3.0

Acknowledgement

Fortinet is pleased to thank Tom Scholten of SolidBE for reporting this vulnerability under responsible disclosure.

IR Number	FG-IR-17-097
Published Date	Apr 12, 2017
Severity	High
Discovered	External
Attack Type	Authenticated
Known Exploited	No
CVSSv3 Score	0
Impact	Escalation of privilege
CVE ID
Download	CVRF

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

PSIRT

FortiWLC-SD Privilege escalation vulnerability (root access) using copy running-config

Summary

Affected Products

Solutions

Acknowledgement

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

PSIRT

FortiWLC-SD Privilege escalation vulnerability (root access) using copy running-config

Summary

Affected Products

Solutions

Acknowledgement

Threat Intelligence
Center