Fortinet FortiAP OS Command Injection Vulnerability

A command injection vulnerability has been identified in Fortinet FortiAP products, specifically in versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, and 6.4 all versions. Additionally, FortiAP-U versions 7.0.0 through 7.0.5 and 6.2 all versions, as well as FortiAP-W2 versions 7.4.0 through 7.4.4, 7.2 all versions, and 7.0 all versions are affected. This vulnerability allows an authenticated privileged attacker to execute unauthorized code or commands by sending crafted CLI requests.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution or command execution on the affected device.

Remediation

Users can upgrade to Fortinet FortiAP 7.6.3 or above, FortiAP 7.4.6 or above, FortiAP-U 7.0.6 or above, or FortiAP-W2 7.4.5 or above. For FortiAP 7.2, 6.4, and FortiAP-W2 7.2 and 7.0, users should migrate to a fixed release.