HIGH🇬🇧 English

CVE-2023-36634

CVSS 7.1v3.1pub. 2023-09-13upd. 2024-11-21

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  • Fortinet Fortiap U

    APP
    Fortinet
    7.0.05.4.0 – 5.4.66.0.0 – 6.0.46.2.0 – 6.2.5
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-29058HIGH7.8ten sam produkt

An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the co...

CVE-2022-30301HIGH7.8ten sam produkt

A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 throu...

CVE-2025-53680MEDIUM6.7ten sam produkt

An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [C...

CVE-2023-25608MEDIUM5.5ten sam produkt

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command li...

CVE-2019-15709MEDIUM6.5ten sam produkt

An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI ad...