CVE-2023-25608

Summary

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiAP-W27.2.0 <= 7.2.1affected
FortinetFortiAP-W27.0.3 <= 7.0.5affected
FortinetFortiAP-W27.0.0 <= 7.0.1affected
FortinetFortiAP-W26.4.0 <= 6.4.9affected
FortinetFortiAP-W26.2.0 <= 6.2.6affected
FortinetFortiAP-W26.0.0 <= 6.0.6affected
FortinetFortiAP-C5.4.0 <= 5.4.4affected
FortinetFortiAP-C5.2.0 <= 5.2.1affected
FortinetFortiAP7.2.0 <= 7.2.1affected
FortinetFortiAP7.0.0 <= 7.0.5affected
FortinetFortiAP6.4.3 <= 6.4.9affected
FortinetFortiAP6.0.0 <= 6.0.6affected
FortinetFortiAP-U7.0.0affected
FortinetFortiAP-U6.2.0 <= 6.2.5affected
FortinetFortiAP-U6.0.0 <= 6.0.4affected
FortinetFortiAP-U5.4.3 <= 5.4.6affected
FortinetFortiAP-U5.4.0affected
FortinetFortiAP-S6.4.0 <= 6.4.9affected
FortinetFortiAP-S6.2.0 <= 6.2.6affected
FortinetFortiAP-S6.0.0 <= 6.0.6affected

Weaknesses

  • CWE-792: Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References