FortiAP-S/W2 system files overwrite through tcpdump CLI command
An improper input validation (CWE-20) vulnerability in FortiAP-S/W2 CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump CLI commands.
Improper Input Validation
FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below
Upgrade to FortiAP-S/W2 6.0.6 or 6.2.3
Fortinet is pleased to thank “NYC Cyber Command” for reporting this vulnerability under responsible disclosure.