Fortinet FortiAP-U Command Line Interpreter incomplete filtering of one or more instances of special elements
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.0 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic has been found in Fortinet FortiAP-U. This affects an unknown function of the component Command Line Interpreter. This manipulation causes incomplete filtering of one or more instances of special elements. This vulnerability is registered as CVE-2023-36634. The attack needs to be launched locally. No exploit is available. It is recommended to upgrade the affected component.
Details
A vulnerability has been found in Fortinet FortiAP-U (Wireless LAN Software) (version now known) and classified as problematic. Affected by this vulnerability is some unknown processing of the component Command Line Interpreter. The manipulation with an unknown input leads to a incomplete filtering of one or more instances of special elements vulnerability. The CWE definition for the vulnerability is CWE-792. The product receives data from an upstream component, but does not completely filter one or more instances of special elements before sending it to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments.
The weakness was published 09/13/2023 as FG-IR-23-123. The advisory is shared at fortiguard.com. This vulnerability is known as CVE-2023-36634 since 06/25/2023. Neither technical details nor an exploit are publicly available.
Upgrading eliminates this vulnerability.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.fortinet.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.1VulDB Meta Temp Score: 7.0
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 8.8
NVD Vector: 🔍
CNA Base Score: 7.1
CNA Vector (Fortinet, Inc.): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Incomplete filtering of one or more instances of special elementsCWE: CWE-792 / CWE-790 / CWE-184
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
06/25/2023 🔍09/13/2023 🔍
09/13/2023 🔍
10/11/2023 🔍
Sources
Vendor: fortinet.comAdvisory: FG-IR-23-123
Status: Confirmed
CVE: CVE-2023-36634 (🔍)
GCVE (CVE): GCVE-0-2023-36634
GCVE (VulDB): GCVE-100-239665
Entry
Created: 09/13/2023 15:43Updated: 10/11/2023 14:41
Changes: 09/13/2023 15:43 (49), 10/11/2023 14:41 (11)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.