Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-36634: Fortiguard

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments.

CVE
Open in Source
#vulnerability#auth

** PSIRT Advisories**

FortiAP-U - Arbitrary file listing and deletion through the CLI

Summary

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments.

Affected Products

FortiAP-U version 7.0.0
FortiAP-U version 6.2.0 through 6.2.5
FortiAP-U 6.0 all versions
FortiAP-U 5.4 all versions

Solutions

Please upgrade to FortiAP-U version 7.0.1 or above
Please upgrade to FortiAP-U version 6.2.6 or above

Acknowledgement

Internally discovered and reported by Wilfried Djettchou of Fortinet Product Security team.

Timeline

2023-09-01: Initial publication

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE