CVE-2019-15708

Summary

A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiAP-S/W26.2.1affected
FortinetFortinet FortiAP-S/W26.2.0affected
FortinetFortinet FortiAP-S/W26.0.5 and belowaffected
FortinetFortinet FortiAP-U6.0.5 and belowaffected
FortinetFortinet FortiAPbelow 6.0.0affected

Weaknesses

  • Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References