What is CVE-2022-29058?

CVE-2022-29058 is an improper neutralization of special elements vulnerability in the command line interpreter of FortiAP.

Which software versions are affected by CVE-2022-29058?

FortiAP versions 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S versions 6.0.0 through 6.4.7, FortiAP-W2 versions 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, and FortiAP-U versions 5.4.0 through 5.4.6, 6.0.0 through 6.0.4, and 6.2.0 through 6.2.4 are affected.

What is the severity of CVE-2022-29058?

The severity of CVE-2022-29058 is high with a CVSS score of 7.8.

How can I fix CVE-2022-29058?

Update FortiAP and FortiAP-S to version 6.4.8 or later, FortiAP-W2 to version 6.4.8 or later, FortiAP-U to version 6.2.6 or later, and FortiAP to version 7.0.4 or later.

Where can I find more information about CVE-2022-29058?

You can find more information about CVE-2022-29058 on the FortiGuard website: https://fortiguard.com/psirt/FG-IR-21-163

Vulnerability/
CVE-2022-29058

high

7.8

CWE

6/9/2022

25/10/2024

CVE-2022-29058: Command injection in CLI

First published: Tue Sep 06 2022(Updated: )

An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiAP	>=6.0.0<=6.0.6
Fortinet FortiAP	>=6.4.3<6.4.8
Fortinet FortiAP	>=7.0.0<7.0.4
Fortinet FortiAP	=7.2.0
Fortinet FortiAP	>=6.0.0<=6.0.6
Fortinet FortiAP	>=6.2.0<=6.2.6
Fortinet FortiAP	>=6.4.0<6.4.8
Fortinet FortiAP	>=5.4.0<=5.4.6
Fortinet FortiAP	>=6.0.0<=6.0.4
Fortinet FortiAP	>=6.2.0<6.2.4
Fortinet FortiAP	>=6.0.0<=6.0.6
Fortinet FortiAP	>=6.2.0<=6.2.6
Fortinet FortiAP	>=6.4.0<6.4.8
Fortinet FortiAP	>=7.0.0<7.0.4
Fortinet FortiAP	=7.2.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-29058?
CVE-2022-29058 is an improper neutralization of special elements vulnerability in the command line interpreter of FortiAP.
Which software versions are affected by CVE-2022-29058?
FortiAP versions 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S versions 6.0.0 through 6.4.7, FortiAP-W2 versions 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, and FortiAP-U versions 5.4.0 through 5.4.6, 6.0.0 through 6.0.4, and 6.2.0 through 6.2.4 are affected.
What is the severity of CVE-2022-29058?
The severity of CVE-2022-29058 is high with a CVSS score of 7.8.
How can I fix CVE-2022-29058?
Update FortiAP and FortiAP-S to version 6.4.8 or later, FortiAP-W2 to version 6.4.8 or later, FortiAP-U to version 6.2.6 or later, and FortiAP to version 7.0.4 or later.
Where can I find more information about CVE-2022-29058?
You can find more information about CVE-2022-29058 on the FortiGuard website: https://fortiguard.com/psirt/FG-IR-21-163

agent/type
agent/weakness
agent/author
collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2022-29058
collector/fortiguard-psirt
agent/severity
agent/references
agent/title
agent/first-publish-date
agent/event
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/softwarecombine
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/fortinet
canonical/fortinet fortiap
version/fortinet fortiap/6.0.0
version/fortinet fortiap/6.0.6
version/fortinet fortiap/6.4.3
version/fortinet fortiap/7.0.0
version/fortinet fortiap/7.2.0
version/fortinet fortiap/6.2.0
version/fortinet fortiap/6.2.6
version/fortinet fortiap/6.4.0
version/fortinet fortiap/5.4.0
version/fortinet fortiap/5.4.6
version/fortinet fortiap/6.0.4