PSIRTFortiAP's - Arbitrary file read through the CLI
Summary
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP, FortiAP-W2, FortiAP-U, FortiAP-C may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.
| Version | Affected | Solution |
|---|---|---|
| FortiAP 7.2 | 7.2.0 through 7.2.1 | Upgrade to 7.2.2 or above |
| FortiAP 7.0 | 7.0.0 through 7.0.5 | Upgrade to 7.0.6 or above |
| FortiAP 6.4 | 6.4 all versions | Migrate to a fixed release |
| FortiAP 6.0 | 6.0 all versions | Migrate to a fixed release |
| FortiAP-C 5.4 | 5.4.0 through 5.4.4 | Upgrade to 5.4.5 or above |
| FortiAP-C 5.2 | 5.2 all versions | Migrate to a fixed release |
| FortiAP-U 7.0 | 7.0.0 | Upgrade to 7.0.1 or above |
| FortiAP-U 6.2 | 6.2.0 through 6.2.5 | Upgrade to 6.2.6 or above |
| FortiAP-U 6.0 | 6.0 all versions | Migrate to a fixed release |
| FortiAP-U 5.4 | 5.4 all versions | Migrate to a fixed release |
| FortiAP-W2 7.2 | 7.2.0 through 7.2.1 | Upgrade to 7.2.2 or above |
| FortiAP-W2 7.0 | 7.0.3 through 7.0.5 | Upgrade to 7.0.6 or above |
| FortiAP-W2 7.0 | 7.0.0 through 7.0.1 | Upgrade to 7.0.6 or above |
| FortiAP-W2 6.4 | 6.4 all versions | Migrate to a fixed release |
| FortiAP-W2 6.2 | 6.2 all versions | Migrate to a fixed release |
| FortiAP-W2 6.0 | 6.0 all versions | Migrate to a fixed release |
Acknowledgement
Internally discovered and reported by Wilfried Djettchou of Fortinet Product Security team.Timeline
2023-09-07: Initial publication