CVE-2024-26012
published 2025-01-14CVE-2024-26012: A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allow a local authenticated attacker to execute unauthorized code via the CLI.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortiap | — | — |
| fortinet | fortiap | >= 6.4.1 < 7.2.4 | 7.2.4 |
| fortinet | fortiap | 6.4.3 – 6.4.9 | — |
| fortinet | fortiap | 7.0.0 – 7.0.7 | — |
| fortinet | fortiap | 7.2.0 – 7.2.3 | — |
| fortinet | fortiap | >= 7.4.0 < 7.4.3 | 7.4.3 |
| fortinet | fortiap | 7.4.0 – 7.4.2 | — |
| fortinet | fortiap-s | — | — |
| fortinet | fortiap-s | >= 6.2.0 < 6.4.10 | 6.4.10 |
| fortinet | fortiap-s | 6.2.0 – 6.2.6 | — |
| fortinet | fortiap-s | 6.4.0 – 6.4.9 | — |
| fortinet | fortiap-w2 | — | — |
| fortinet | fortiap-w2 | >= 6.4.0 < 7.2.4 | 7.2.4 |
| fortinet | fortiap-w2 | 6.4.0 – 6.4.10 | — |
| fortinet | fortiap-w2 | 7.0.0 – 7.0.8 | — |
| fortinet | fortiap-w2 | 7.2.0 – 7.2.3 | — |
| fortinet | fortiap-w2 | >= 7.4.0 < 7.4.3 | 7.4.3 |
| fortinet | fortiap-w2 | 7.4.0 – 7.4.2 | — |
| fortinet | fortinet | — | — |