FortiWLC-SD Privilege escalation vulnerability using copy running-config

2017-04-1200:00:00

FortiGuard Labs

www.fortiguard.com

0.001 Low

EPSS

Percentile

41.9%

JSON

The lack of input sanitisation for CLI command ‘copy running-config’ allows a user with ‘admin’ or ‘superuser’ privilege level to gain shell on the FortiWLC-SD with root privilege.

CPENameOperatorVersion
fortiwlceq8.2.7
fortiwlceq8.2.6
fortiwlceq8.2.5
fortiwlceq8.2.4
fortiwlceq8.1.3
fortiwlceq8.1.2
fortiwlceq8.0.6
fortiwlceq8.0.5
fortiwlceq7.0.9
fortiwlceq7.0.11

Name	Operator	Version
fortiwlc	eq	8.2.7
fortiwlc	eq	8.2.6
fortiwlc	eq	8.2.5
fortiwlc	eq	8.2.4
fortiwlc	eq	8.1.3
fortiwlc	eq	8.1.2
fortiwlc	eq	8.0.6
fortiwlc	eq	8.0.5
fortiwlc	eq	7.0.9
fortiwlc	eq	7.0.11

Rows per page:

1-10 of 111

0.001 Low

EPSS

Percentile

41.9%

JSON

Related for FG-IR-17-097