CVE-2023-36634 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2023-36634

Modified

More Info Official Page

Source-psirt@fortinet.com

Published At-13 Sep, 2023 | 13:15

Updated At-07 Nov, 2023 | 04:16

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	7.1	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Type: Primary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CPE Matches

>>fortiap-u>>Versions from 5.4.0(inclusive) to 5.4.6(inclusive)

cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*

>>fortiap-u>>Versions from 6.0.0(inclusive) to 6.0.4(inclusive)

cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*

>>fortiap-u>>Versions from 6.2.0(inclusive) to 6.2.5(inclusive)

cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*

>>fortiap-u>>7.0.0

cpe:2.3:a:fortinet:fortiap-u:7.0.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov
CWE-73	Secondary	psirt@fortinet.com

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-73

Type: Secondary

Source: psirt@fortinet.com

References

Hyperlink	Source	Resource
https://fortiguard.com/psirt/FG-IR-23-123	psirt@fortinet.com	Vendor Advisory

Hyperlink: https://fortiguard.com/psirt/FG-IR-23-123

Source: psirt@fortinet.com

Resource:

Vendor Advisory