PSIRT Advisories

FortiWLC-SD Privilege escalation vulnerability using copy running-config


The lack of input sanitisation for CLI command 'copy running-config' allows a user with 'admin' or 'superuser' privilege level to gain shell on the FortiWLC-SD with root privilege.

Affected Products

FortiWLC-SD versions 8.2.4 and below


Upgrade to FortiWLC-SD version 8.3.0


Fortinet is pleased to thank Tom Scholten of SolidBE for reporting this vulnerability under responsible disclosure