PSIRT Advisories

FortiAP-C - Command injection in CLI

Summary

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments.

Affected Products

FortiAP-C version 5.4.0 through 5.4.3
 

Solutions

Please upgrade to FortiAP-C 5.4.4 or above.

Acknowledgement

Fortinet is pleased to thank Esdras DAGO - chackal (@Chackal__ on twitter) for reporting this under responsible disclosure.