Fortinet Fortiap-U vulnerabilities

6 known vulnerabilities affecting fortinet/fortiap-u.

Total CVEs

6

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH2MEDIUM4

Vulnerabilities

Page 1 of 1

CVE-2023-36634HIGHCVSS 8.8≥ 5.4.0, ≤ 5.4.6≥ 6.0.0, ≤ 6.0.4+4 more2023-09-13

CVE-2023-36634 [HIGH] CWE-73 CVE-2023-36634: An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments.

CVE-2023-25608MEDIUMCVSS 6.5≥ 5.4.0, < 6.2.6v7.0.0+4 more2023-09-13

CVE-2023-25608 [MEDIUM] CWE-792 CVE-2023-25608: An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.

CVE-2022-29058HIGHCVSS 7.8≥ 5.4.0, ≤ 5.4.6≥ 6.0.0, ≤ 6.0.4+1 more2022-09-06

CVE-2022-29058 [HIGH] CWE-89 CVE-2022-29058: An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker t

CVE-2022-30301MEDIUMCVSS 6.7≥ 6.0.0, ≤ 6.0.4≥ 6.2.0, ≤ 6.2.3+5 more2022-07-19

CVE-2022-30301 [HIGH] CWE-22 CVE-2022-30301: A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5 A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands.

CVE-2019-15709MEDIUMCVSS 6.5≤ 6.0.12020-06-01

CVE-2019-15709 [MEDIUM] CWE-20 CVE-2019-15709: An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and be An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.

CVE-2019-15708MEDIUMCVSS 6.7≤ 6.0.02020-03-15

CVE-2019-15708 [MEDIUM] CWE-78 CVE-2019-15708: A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.