CVE-2019-15708

Name of the Vulnerable Software and Affected Versions FortiAP-S/W2 versions 6.2.1 through 6.0.5 and below FortiAP versions 6.0.5 and below FortiAP-U versions below 6.0.0

Description A system command injection issue exists due to the lack of neutralization of special elements used in operating system commands. This may allow unauthorized administrators to execute arbitrary system-level commands via specially crafted ifconfig commands under the CLI admin console.

Recommendations For FortiAP-S/W2 versions 6.2.1 through 6.0.5 and below, consider disabling the CLI admin console until a patch is available. For FortiAP versions 6.0.5 and below, restrict access to the ifconfig command to minimize the risk of exploitation. For FortiAP-U versions below 6.0.0, avoid using the CLI admin console until the issue is resolved.