CVE-2023-36634

Summary

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiAP-U7.0.0affected
FortinetFortiAP-U6.2.0 <= 6.2.5affected
FortinetFortiAP-U6.0.0 <= 6.0.4affected
FortinetFortiAP-U5.4.3 <= 5.4.6affected
FortinetFortiAP-U5.4.0affected

Weaknesses

  • CWE-73: Improper access control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References