What is the vulnerability ID of this vulnerability?

The vulnerability ID is CVE-2023-25608.

What is the severity of CVE-2023-25608?

The severity of CVE-2023-25608 is medium with a severity value of 6.5.

Which versions of FortiAP-C are affected by CVE-2023-25608?

FortiAP-C versions 5.4.0 through 5.4.4 and 5.2 all versions are affected.

How can I fix CVE-2023-25608?

To fix CVE-2023-25608, update FortiAP-W2 to versions 7.2.2 or later, update FortiAP-C to version 5.4.5 or later, or apply the necessary patches or upgrades as recommended by Fortinet.

Vulnerability/
CVE-2023-25608

medium

6.5

CWE

792

13/9/2023

24/9/2024

CVE-2023-25608: FortiAP's - Arbitrary file read through the CLI

First published: Wed Sep 13 2023(Updated: )

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.

Credit: psirt@fortinet.com psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiAP	>=6.0.0<7.0.6
Fortinet FortiAP	>=7.2.0<7.2.2
Fortinet FortiAP-C	>=5.2.0<5.4.5
Fortinet FortiAP-U	>=5.4.0<6.2.6
Fortinet FortiAP-U	=7.0.0
Fortinet FortiAP-W2	>=6.0.0<=7.0.1
Fortinet FortiAP-W2	>=7.0.3<7.0.6
Fortinet FortiAP-W2	>=7.2.0<7.2.2
Fortinet FortiAP	>=7.2.0<=7.2.1
Fortinet FortiAP	>=7.0.0<=7.0.5
Fortinet FortiAP	>=6.4
Fortinet FortiAP	>=6.0
Fortinet FortiAP-C	>=5.4.0<=5.4.4
Fortinet FortiAP-C	>=5.2
Fortinet FortiAP-U	=.
Fortinet FortiAP-U	>=6.2.0<=6.2.5
Fortinet FortiAP-U	>=6.0
Fortinet FortiAP-U	>=5.4
Fortinet FortiAP-W2	>=7.2.0<=7.2.1
Fortinet FortiAP-W2	>=7.0.3<=7.0.5
Fortinet FortiAP-W2	>=7.0.0<=7.0.1
Fortinet FortiAP-W2	>=6.4
Fortinet FortiAP-W2	>=6.2
Fortinet FortiAP-W2	>=6.0

Remedy

Please upgrade to FortiAP-W2 version 7.2.2 or above Please upgrade to FortiAP-W2 version 7.0.6 or above Please upgrade to FortiAP-C version 5.4.5 or above Please upgrade to FortiAP version 7.2.2 or above Please upgrade to FortiAP version 7.0.6 or above Please upgrade to FortiAP-U version 7.0.1 or above Please upgrade to FortiAP-U version 6.2.6 or above

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2023-25608.
What is the severity of CVE-2023-25608?
The severity of CVE-2023-25608 is medium with a severity value of 6.5.
Which versions of FortiAP-W2 are affected by CVE-2023-25608?
FortiAP-W2 versions 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, and 6.0 all versions are affected.
Which versions of FortiAP-C are affected by CVE-2023-25608?
FortiAP-C versions 5.4.0 through 5.4.4 and 5.2 all versions are affected.
How can I fix CVE-2023-25608?
To fix CVE-2023-25608, update FortiAP-W2 to versions 7.2.2 or later, update FortiAP-C to version 5.4.5 or later, or apply the necessary patches or upgrades as recommended by Fortinet.

agent/author
agent/type
agent/weakness
agent/remedy
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/references
agent/title
agent/description
agent/first-publish-date
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-index
collector/fortiguard-psirt
source/FortiGuard
alias/CVE-2023-25608
agent/software-canonical-lookup
agent/tags
agent/softwarecombine
collector/fortiguard-psirt-latest
agent/event
agent/trending
vendor/fortinet
canonical/fortinet fortiap
version/fortinet fortiap/6.0.0
version/fortinet fortiap/7.2.0
canonical/fortinet fortiap-c
version/fortinet fortiap-c/5.2.0
canonical/fortinet fortiap-u
version/fortinet fortiap-u/5.4.0
version/fortinet fortiap-u/7.0.0
canonical/fortinet fortiap-w2
version/fortinet fortiap-w2/6.0.0
version/fortinet fortiap-w2/7.0.1
version/fortinet fortiap-w2/7.0.3
version/fortinet fortiap-w2/7.2.0
version/fortinet fortiap/7.2.1
version/fortinet fortiap/7.0.0
version/fortinet fortiap/7.0.5
version/fortinet fortiap/6.4
version/fortinet fortiap/6.0
version/fortinet fortiap-c/5.4.0
version/fortinet fortiap-c/5.4.4
version/fortinet fortiap-c/5.2
version/fortinet fortiap-u/.
version/fortinet fortiap-u/6.2.0
version/fortinet fortiap-u/6.2.5
version/fortinet fortiap-u/6.0
version/fortinet fortiap-u/5.4
version/fortinet fortiap-w2/7.2.1
version/fortinet fortiap-w2/7.0.5
version/fortinet fortiap-w2/7.0.0
version/fortinet fortiap-w2/6.4
version/fortinet fortiap-w2/6.2
version/fortinet fortiap-w2/6.0

CVE-2023-25608: FortiAP's - Arbitrary file read through the CLI

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?

What is the severity of CVE-2023-25608?

Which versions of FortiAP-W2 are affected by CVE-2023-25608?

Which versions of FortiAP-C are affected by CVE-2023-25608?

How can I fix CVE-2023-25608?

Company

Resources

Contact