FortiAP system command injection through ifconfig command
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-19-209
Final
1
1
2020-02-10T00:00:00
Current version
2020-02-10T00:00:00
2020-02-10T00:00:00
A system command injection vulnerability in the FortiAP CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.
system command injection
FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below FortiAP 6.0.5 and below FortiAP-U all versions below 6.0.0
Upgrade to FortiAP-S/W2 6.0.6 or 6.2.2 Upgrade to FortiAP 6.0.6 Upgrade to FortiAP-U 6.0.0
Fortinet is pleased to thank "NYC Cyber Command" for reporting this vulnerability under responsible disclosure.
FortiAP 6.0.5
FortiAP 6.0.4
FortiAP 6.0.3
FortiAP 6.0.2
FortiAP 6.0.1
FortiAP 6.0.0
FortiAP 5.6.5
FortiAP 5.6.4
FortiAP 5.6.3
FortiAP 5.6.2
FortiAP 5.6.1
FortiAP 5.6.0
FortiAP 5.4.4
FortiAP 5.4.3
FortiAP 5.4.2
FortiAP 5.4.1
FortiAP 5.4.0
FortiAP 5.3.3
FortiAP 5.2.7
FortiAP 5.2.6
FortiAP 5.2.5
FortiAP 5.2.4
FortiAP 5.2.3
FortiAP 5.2.2
FortiAP 5.2.1
FortiAP 5.2.0
FortiAP 5.0.11
FortiAP 5.0.10
FortiAP 5.0.9
FortiAP 5.0.8
FortiAP 5.0.7
FortiAP 5.0.6
FortiAP 5.0.5
FortiAP 5.0.4
FortiAP 5.0.3
FortiAP 5.0.2
FortiAP 5.0.1
FortiAP 5.0.0
FortiAP-S 6.2.1
FortiAP-S 6.2.0
FortiAP-S 6.0.5
FortiAP-S 6.0.4
FortiAP-S 6.0.3
FortiAP-S 6.0.2
FortiAP-S 6.0.1
FortiAP-S 6.0.0
FortiAP-S 5.6.4
FortiAP-S 5.6.3
FortiAP-S 5.6.2
FortiAP-S 5.6.1
FortiAP-S 5.6.0
FortiAP-S 5.4.4
FortiAP-S 5.4.3
FortiAP-U 5.4.6
FortiAP-U 5.4.5
FortiAP-U 5.4.4
FortiAP-U 5.4.3
FortiAP-U 5.4.0
FortiAP-W2 6.2.1
FortiAP-W2 6.2.0
FortiAP-W2 6.0.5
FortiAP-W2 6.0.4
FortiAP-W2 6.0.3
FortiAP-W2 6.0.2
FortiAP-W2 6.0.1
FortiAP-W2 6.0.0
FortiAP-W2 5.6.4
FortiAP-W2 5.6.3
FortiAP-W2 5.6.2
FortiAP-W2 5.6.1
FortiAP-W2 5.6.0
FortiAP-W2 5.4.4
FortiAP-W2 5.4.3
FortiAP-W2 5.4.2
FortiAP-W2 5.4.1
FortiAP-W2 5.4.0
FortiAP system command injection through ifconfig command
CVE-2019-15708
FortiAP-6.0.5
FortiAP-6.0.4
FortiAP-6.0.3
FortiAP-6.0.2
FortiAP-6.0.1
FortiAP-6.0.0
FortiAP-5.6.5
FortiAP-5.6.4
FortiAP-5.6.3
FortiAP-5.6.2
FortiAP-5.6.1
FortiAP-5.6.0
FortiAP-5.4.4
FortiAP-5.4.3
FortiAP-5.4.2
FortiAP-5.4.1
FortiAP-5.4.0
FortiAP-5.3.3
FortiAP-5.2.7
FortiAP-5.2.6
FortiAP-5.2.5
FortiAP-5.2.4
FortiAP-5.2.3
FortiAP-5.2.2
FortiAP-5.2.1
FortiAP-5.2.0
FortiAP-5.0.11
FortiAP-5.0.10
FortiAP-5.0.9
FortiAP-5.0.8
FortiAP-5.0.7
FortiAP-5.0.6
FortiAP-5.0.5
FortiAP-5.0.4
FortiAP-5.0.3
FortiAP-5.0.2
FortiAP-5.0.1
FortiAP-5.0.0
FortiAP-S-6.2.1
FortiAP-S-6.2.0
FortiAP-S-6.0.5
FortiAP-S-6.0.4
FortiAP-S-6.0.3
FortiAP-S-6.0.2
FortiAP-S-6.0.1
FortiAP-S-6.0.0
FortiAP-S-5.6.4
FortiAP-S-5.6.3
FortiAP-S-5.6.2
FortiAP-S-5.6.1
FortiAP-S-5.6.0
FortiAP-S-5.4.4
FortiAP-S-5.4.3
FortiAP-U-5.4.6
FortiAP-U-5.4.5
FortiAP-U-5.4.4
FortiAP-U-5.4.3
FortiAP-U-5.4.0
FortiAP-W2-6.2.1
FortiAP-W2-6.2.0
FortiAP-W2-6.0.5
FortiAP-W2-6.0.4
FortiAP-W2-6.0.3
FortiAP-W2-6.0.2
FortiAP-W2-6.0.1
FortiAP-W2-6.0.0
FortiAP-W2-5.6.4
FortiAP-W2-5.6.3
FortiAP-W2-5.6.2
FortiAP-W2-5.6.1
FortiAP-W2-5.6.0
FortiAP-W2-5.4.4
FortiAP-W2-5.4.3
FortiAP-W2-5.4.2
FortiAP-W2-5.4.1
FortiAP-W2-5.4.0
6.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-19-209
FortiAP system command injection through ifconfig command
Reference>