PSIRT Advisories

FortiAP system command injection through ifconfig command


A system command injection vulnerability in the FortiAP CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.

Affected Products

FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below

FortiAP 6.0.5 and below

FortiAP-U all versions below 6.0.0


Upgrade to FortiAP-S/W2 6.0.6 or 6.2.2

Upgrade to FortiAP 6.0.6

Upgrade to FortiAP-U 6.0.0


Fortinet is pleased to thank "NYC Cyber Command" for reporting this vulnerability under responsible disclosure.