FortiWLC - Improper access control
An improper access control (CWE-284) vulnerability in FortiWLC may allow an unauthenticated and remote attackerÂ to access certain areas of the web management CGI functionality by just specifying the correct URL.Â The vulnerabilityÂ applies only to limited CGI resources and might allow the unauthorized party to access configuration details.Â Â
Affected ProductsFortiWLC versions 8.5.3 and below. FortiWLC versions 8.6.0 and below.
Please upgrade to FortiWLC version 8.5.4 or above.
Please upgrade to FortiWLC version 8.6.1 or above.Â