An improper validation of parameters within CLI commands used in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an attacker to inject arbitrary commands into the FortiAP-C console by specifying command arguments with specially crafted data. An attacker can exploit this weakness by running any CLI command in the FortiAP-C console using a specially crafted argument. An attacker can also inject arbitrary commands into the FortiAP-C console by specifying command arguments with specially crafted data. Certain FortiAP-C console commands, such as the show commands, allow command arguments. By injecting commands with specific arguments, an attacker can exploit this weakness to execute unauthorized commands. This may lead to a system takeover, unauthorized device configurations, or information disclosure. An attacker can exploit this weakness by running any CLI command in the FortiAP-C console using a specially crafted argument. An attacker can also inject arbitrary commands into the FortiAP-C console by specifying command arguments with specially crafted data. Certain FortiAP-C console commands, such as the show commands, allow command arguments. By injecting commands with specific arguments, an attacker can exploit this weakness to execute unauthorized commands. This may lead to a system takeover, unauthorized device configurations, or information disclosure
Installing or Updating FortiAP-C to Version 5.4.0 through 5.4.3, 5.2.0 through 5.2.1
The FortiAP-C console supports CLI commands that are executed on the FortiAP-C. If a user issues a CLI command and includes a specially crafted argument, they can exploit this weakness to execute unauthorized commands. This may lead to a system takeover, unauthorized device configurations, or information disclosure.
Timeline
Published on: 03/02/2022 10:15:00 UTC
Last modified on: 03/10/2022 15:40:00 UTC