PSIRT Advisories

FortiWLC - Improper authenticated access control

Summary

An improper access control vulnerability [CWE-284] in FortiWLC may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.

Affected Products

FortiWLC versions 8.6.1 and below.
FortiWLC versions 8.5.x.
FortiWLC versions 8.4.x.
FortiWLC versions 8.3.x.
FortiWLC versions 8.2.x.
FortiWLC versions 8.1.x.
FortiWLC versions 8.0.x.

Solutions

Please upgrade to FortiWLC version 8.6.2 or above. 

Acknowledgement

Fortinet is pleased to thank the customer who reported this vulnerability under responsible disclosure.