Overview
- Description
- An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments.
- Source
- psirt@fortinet.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
- psirt@fortinet.com
- CWE-73
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3BEF86D0-7255-4054-8AA7-4AA411C5FE32",
"versionEndIncluding": "5.4.6",
"versionStartIncluding": "5.4.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "607B4B16-A019-4DB5-A3D5-845B3C81E2CA",
"versionEndIncluding": "6.0.4",
"versionStartIncluding": "6.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D94D840D-28B9-45AB-952C-951710AA63CD",
"versionEndIncluding": "6.2.5",
"versionStartIncluding": "6.2.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-u:7.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "743763F2-D4DE-4E9D-B112-7CA27C61A423"
}
],
"operator": "OR"
}
]
}
]