PT-2023-20192 · Fortinet · Fortiap-U+3
Published: 2023-09-13 · Updated: 2023-09-15
CVE-2023-25608
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FortiAP-W2 versions 6.0 through 7.2.1
FortiAP-C versions 5.2 through 5.4.4
FortiAP versions 6.0 through 7.2.1
FortiAP-U versions 5.4 through 7.0.0
Description
Incomplete filtering of one or more instances of special elements in the command line interpreter may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.
Recommendations
For FortiAP-W2 versions 6.0 through 7.2.1, update to a version that includes the fix for this issue.
For FortiAP-C versions 5.2 through 5.4.4, update to a version that includes the fix for this issue.
For FortiAP versions 6.0 through 7.2.1, update to a version that includes the fix for this issue.
For FortiAP-U versions 5.4 through 7.0.0, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the command line interpreter to minimize the risk of exploitation.
Affected Products
Fortiap
Fortiap-C
Fortiap-U
Fortiap-W2