CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-36634
https://notcve.org/view.php?id=CVE-2023-36634
13 Sep 2023 — An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments. Un filtrado incompleto de una o más instancias de vulnerabilidad de elementos especiales [CWE-792] en el intérprete de línea de comando de FortiAP-U 7.0.0, 6.2.0 a 6.2.5, 6.0 todas las ... • https://fortiguard.com/psirt/FG-IR-23-123 • CWE-73: External Control of File Name or Path •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-25608
https://notcve.org/view.php?id=CVE-2023-25608
13 Sep 2023 — An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbi... • https://fortiguard.com/psirt/FG-IR-22-120 • CWE-792: Incomplete Filtering of One or More Instances of Special Elements •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-29058
https://notcve.org/view.php?id=CVE-2022-29058
06 Sep 2022 — An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. Una neutralización inapropiada de elementos especiales [CWE-89] usado... • https://fortiguard.com/psirt/FG-IR-21-163 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-30301
https://notcve.org/view.php?id=CVE-2022-30301
18 Jul 2022 — A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands. Una vulnerabilidad de salto de ruta [CWE-22] en FortiAP-U CLI versiones 6.2.0 hasta 6.2.3, 6.0.0 hasta 6.0.4, 5.4.0 hasta 5.4.6, puede permitir a un usuario administrador eliminar y acceder a archivos y datos no autorizados por medio de comandos CLI especialmente diseñados. • https://fortiguard.com/psirt/FG-IR-22-109 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-15709
https://notcve.org/view.php?id=CVE-2019-15709
01 Jun 2020 — An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI. Una comprobación de entrada inapropiada en FortiAP-S/W2 versiones 6.2.0 hasta 6.2.2, versiones 6.0.5 y por debajo, FortiAP-U versiones 6.0.1 y por debajo, la consola de administración de la CLI puede permitir a administradores no autorizados sobrescribir los archivos de sist... • https://fortiguard.com/psirt/FG-IR-19-298 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2019-15708
https://notcve.org/view.php?id=CVE-2019-15708
15 Mar 2020 — A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands. Una vulnerabilidad de inyección de comandos de sistema en el FortiAP-S/W2 versiones 6.2.1, 6.2.0, 6.0.5 y por debajo, FortiAP versiones 6.0.5 y por debajo y FortiAP-U versiones por debajo de 6.0.0, bajo la consola de administrac... • https://fortiguard.com/psirt/FG-IR-19-209 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •