PT-2022-1807 · Fortinet · Fortiap-C

Published

2022-03-01

Updated

2022-03-10

CVE-2022-22301

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FortiAP-C console versions 5.2.0 through 5.2.1 FortiAP-C console versions 5.4.0 through 5.4.3

Description The issue is related to an improper neutralization of special elements used in an OS Command, which may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments.

Recommendations For FortiAP-C console versions 5.2.0 through 5.2.1, update to a version outside of this range to mitigate the risk. For FortiAP-C console versions 5.4.0 through 5.4.3, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting the use of CLI commands with crafted arguments until a patch is available.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2022-01226

CVE-2022-22301

Affected Products

Fortiap-C

PT-2022-1807 · Fortinet · Fortiap-C

CVE-2022-22301

Weakness Enumeration

Related Identifiers

Affected Products

References · 7