PT-2023-25646 · Fortinet · Fortiap-U
Published: 2023-09-13 · Updated: 2026-01-29 · CVE-2023-36634
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FortiAP-U versions 5.4 through 7.0.0
FortiAP-U versions 6.0 through 6.2.5
Description
Incomplete filtering of special elements in the command line interpreter may allow an authenticated attacker to list and delete arbitrary files and directories via specially crafted command arguments.
Recommendations
For FortiAP-U versions 5.4 through 7.0.0, update to a version that includes a fix for the incomplete filtering of special elements vulnerability.
For FortiAP-U versions 6.0 through 6.2.5, update to a version that includes a fix for the incomplete filtering of special elements vulnerability.
As a temporary workaround, consider restricting access to the command line interpreter to minimize the risk of exploitation.
Affected Products
Fortiap-U