CVE-2022-22301 An improper neutralization of special elements used in an OS Command vulnerability in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an attacker to execute u END> END

CVE-2022-22301 An improper neutralization of special elements used in an OS Command vulnerability in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an attacker to execute u

END>

 

END

An improper validation of parameters within CLI commands used in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an attacker to inject arbitrary commands into the FortiAP-C console by specifying command arguments with specially crafted data. An attacker can exploit this weakness by running any CLI command in the FortiAP-C console using a specially crafted argument. An attacker can also inject arbitrary commands into the FortiAP-C console by specifying command arguments with specially crafted data. Certain FortiAP-C console commands, such as the show commands, allow command arguments. By injecting commands with specific arguments, an attacker can exploit this weakness to execute unauthorized commands. This may lead to a system takeover, unauthorized device configurations, or information disclosure. An attacker can exploit this weakness by running any CLI command in the FortiAP-C console using a specially crafted argument. An attacker can also inject arbitrary commands into the FortiAP-C console by specifying command arguments with specially crafted data. Certain FortiAP-C console commands, such as the show commands, allow command arguments. By injecting commands with specific arguments, an attacker can exploit this weakness to execute unauthorized commands. This may lead to a system takeover, unauthorized device configurations, or information disclosure

Installing or Updating FortiAP-C to Version 5.4.0 through 5.4.3, 5.2.0 through 5.2.1

The FortiAP-C console supports CLI commands that are executed on the FortiAP-C. If a user issues a CLI command and includes a specially crafted argument, they can exploit this weakness to execute unauthorized commands. This may lead to a system takeover, unauthorized device configurations, or information disclosure.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe