Fortinet FortiAP and FortiAP-W2 OS Command Injection Vulnerability

Vulnerability

An OS command injection vulnerability has been identified in Fortinet FortiAP and FortiAP-W2 products. It affects FortiAP versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.5, and all versions of 7.2, 7.0 and 6.4, as well as FortiAP-W2 versions 7.4.0 through 7.4.4 and all versions of 7.2 and 7.0. An authenticated attacker can execute unauthorized code or commands by sending a specially crafted CLI command.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution on the affected device.

Remediation

Users can upgrade Fortinet FortiAP to version 7.6.3 or above, FortiAP 7.4 to version 7.4.6 or above, FortiAP-W2 7.4 to version 7.4.5 or above, and FortiAP-W2 7.2 to version 7.2.6 or above. For FortiAP 7.2 and 6.4, users should migrate to a fixed release.
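
To triage an access point inventory against the version ranges and fixed releases listed above, a check like the following can be used. It is an added example, not Fortinet's code or tooling. The hostnames and inventory are constructed, and it assumes that FortiAP-W2 7.2.6 and above is fixed (as the Remediation text states) even though the affected list names all of 7.2.

```python
import re

MIGRATE = "migrate to a fixed release"
UNSTATED = "no remediation stated in the advisory for this branch"

# (product, major, minor) -> first fixed patch level, or a text action when
# the advisory lists every release on the branch as affected.
ADVISORY = {
    ("FortiAP", 7, 6): 3,        # 7.6.0-7.6.2 affected
    ("FortiAP", 7, 4): 6,        # 7.4.0-7.4.5 affected
    ("FortiAP", 7, 2): MIGRATE,
    ("FortiAP", 7, 0): UNSTATED,
    ("FortiAP", 6, 4): MIGRATE,
    ("FortiAP-W2", 7, 4): 5,     # 7.4.0-7.4.4 affected
    ("FortiAP-W2", 7, 2): 6,     # assumption: 7.2.6+ is fixed, per Remediation
    ("FortiAP-W2", 7, 0): UNSTATED,
}

def triage(product, version):
    """Return (status, action) for one device's product name and firmware version."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return ("unknown", "version string not parseable, check manually")
    major, minor, patch = map(int, m.groups())
    key = (product.strip(), major, minor)
    if key not in ADVISORY:
        return ("not-listed", "branch not named in the advisory")
    fix = ADVISORY[key]
    if isinstance(fix, int):
        if patch >= fix:
            return ("fixed", "none")
        return ("affected", f"upgrade to {major}.{minor}.{fix} or above")
    return ("affected", fix)

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("ap-lobby-01", "FortiAP", "7.6.2"),
    ("ap-lab-02", "FortiAP", "v7.4.6"),
    ("ap-wh-03", "FortiAP", "6.4.9"),
    ("ap-hq-04", "FortiAP-W2", "7.2.3"),
    ("ap-hq-05", "FortiAP-W2", "7.0.1"),
    ("ap-old-06", "FortiAP", "build0123"),
]

def report(inventory):
    return [(host, *triage(product, version)) for host, product, version in inventory]

if __name__ == "__main__":
    for host, status, action in report(INVENTORY):
        print(f"{host:12} {status:10} {action}")
```

Devices reported as "unknown" or "not-listed" need a manual check against the vendor advisory rather than being treated as safe.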

Added: May 12, 2026, 6:44 PM
Updated: May 12, 2026, 6:44 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 3.5
remediation: 7.7
relevance: 8.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.