PSIRT Advisory

FortiAP-S/W2 system files overwrite through tcpdump CLI command

Summary

An improper input validation (CWE-20) vulnerability in the FortiAP-S/W2 CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump CLI commands.

Impact

Improper Input Validation

Affected Products

FortiAP-S/W2 versions 6.2.0 to 6.2.2, and 6.0.5 and below

Solutions

Upgrade to FortiAP-S/W2 6.0.6 or 6.2.3

Acknowledgement

Fortinet is pleased to thank “NYC Cyber Command” for reporting this vulnerability under responsible disclosure.