First published: Mon Jun 01 2020
An improper input validation vulnerability in the CLI admin console of FortiAP-S/W2 6.2.0 to 6.2.2 and 6.0.5 and below, and FortiAP-U 6.0.1 and below, may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiAP-S | <=6.0.5 | |
Fortinet FortiAP-S | >=6.2.0, <=6.2.2 | |
Fortinet FortiAP-W2 | <=6.0.5 | |
Fortinet FortiAP-W2 | >=6.2.0, <=6.2.2 | |
Fortinet FortiAP-U | <=6.0.1 | |
CVE-2019-15709 is a vulnerability in the FortiAP-S/W2 and FortiAP-U admin console that allows unauthorized administrators to overwrite system files via specially crafted tcpdump commands.
FortiAP-S/W2 versions 6.2.0 to 6.2.2 and 6.0.5 and below, as well as FortiAP-U versions 6.0.1 and below, are affected.
CVE-2019-15709 has a severity rating of 6.5 (high).
Unauthorized administrators can exploit CVE-2019-15709 by using specially crafted tcpdump commands in the CLI to overwrite system files.
You can find more information about CVE-2019-15709 at the following link: https://fortiguard.com/psirt/FG-IR-19-298