PT-2022-5758 · Fortinet · Fortiap-U Cli

Published: 2022-07-07 · Updated: 2022-07-27 · CVE-2022-30301

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FortiAP-U CLI versions 5.4.0 through 5.4.6
FortiAP-U CLI versions 6.0.0 through 6.0.4
FortiAP-U CLI versions 6.2.0 through 6.2.3

Description

A path traversal vulnerability in FortiAP-U CLI, caused by improper limitation of a pathname to a restricted directory. Exploitation of this issue may allow an attacker to gain unauthorized access to read, modify, and delete files and to execute arbitrary commands. This vulnerability may allow an admin user to delete and access unauthorized files and data via specially crafted CLI commands.

Recommendations

For FortiAP-U CLI versions 5.4.0 through 5.4.6, update to a version outside of this range to mitigate the risk.
For FortiAP-U CLI versions 6.0.0 through 6.0.4, update to a version outside of this range to mitigate the risk.
For FortiAP-U CLI versions 6.2.0 through 6.2.3, update to a version outside of this range to mitigate the risk.

As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2022-07157
CVE-2022-30301

Affected Products

Fortiap-U Cli