===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.1474
          FortiWLC - Access of Uninitialized Pointer vulnerability
                                6 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           FortiWLC
Publisher:         FortiGuard
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-26093

Original Bulletin:
   https://fortiguard.fortinet.com/psirt/FG-IR-21-002

Comment: CVSS (Max):  6.6 CVE-2021-26093 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H)
         CVSS Source: FortiGuard
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

FortiWLC - Access of Uninitialized Pointer vulnerability

IR Number    : FG-IR-21-002
Date         : Apr 5, 2022
Risk         : 3/5
CVSSv3 Score : 6.6
Impact       : Denial of service
CVE ID       : CVE-2021-26093
Affected Products: FortiWLC: 8.6.2, 8.6.1, 8.6.0, 8.5.5, 8.5.4, 8.5.3, 8.5.2,
                   8.5.1, 8.5.0, 8.4.8, 8.4.7, 8.4.6, 8.4.5, 8.4.4, 8.4.2,
                   8.4.1, 8.4.0, 8.3.3, 8.3.2, 8.3.1, 8.3.0, 8.2.7, 8.2.6,
                   8.2.5, 8.2.4, 8.1.3, 8.1.2, 8.0.6

Summary

An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC may
allow a local and authenticated attacker to crash the access point being
managed by the controller by executing a crafted CLI command.

Affected Products

At least
FortiWLC version 8.0.6
FortiWLC version 8.1.2 through 8.1.3
FortiWLC version 8.2.4 through 8.2.7
FortiWLC version 8.3.0 through 8.3.3
FortiWLC version 8.4.0 through 8.4.8
FortiWLC version 8.5.0 through 8.5.5
FortiWLC version 8.6.0 through 8.6.2

Solutions

Please upgrade to FortiWLC version 8.6.3 or above.

Acknowledgement

Fortinet is pleased to thank a FortiWLC customer for bringing this issue to
our attention.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================