Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.2383 FortiAP - Execute Arbitrary Code/Commands 14 July 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: FortiAP Publisher: Fortinet Operating System: Network Appliance Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-26106 Original Bulletin: https://fortiguard.com/psirt/FG-IR-20-210 - --------------------------BEGIN INCLUDED TEXT-------------------- FortiAP - OS command Injection through kdbg CLI command IR Number : FG-IR-20-210 Date : Jun 30, 2021 Risk : 4/5 CVSSv3 Score : 7.6 Impact : Execute unauthorized code or commands CVE ID : CVE-2021-26106 Affected Products: FortiAP: 6.4.5, 6.4.4, 6.4.3, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0 FortiAP-S FortiAP-W2 Summary An instance of improper neutralization of special elements used in an OS Command found in FortiAP's console may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments. Impact Execute unauthorized code or commands Affected Products FAP 6.4.1 through 6.4.5 FAP-S 6.2.4 through 6.2.5 FAP-W2 6.2.4 through 6.2.5 Solutions Please upgrade to FortiAP 7.0.0 or above. Please upgrade to FortiAP 6.4.6 or above. Please upgrade to FortiAP-S 6.4.6 or above. Please upgrade to FortiAP-S 6.2.6 or above. Please upgrade to FortiAP-W2 7.0.0 or above. Please upgrade to FortiAP-W2 6.4.6 or above. Please upgrade to FortiAP-W2 6.2.6 or above. Acknowledgement Fortinet is pleased to thank Martin Meredith from kiwibank for reporting this vulnerability under responsible disclosure - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYO5wC+NLKJtyKPYoAQjHAhAAkeLF/Kp1p/RSCJRsWIxl1dU0A8pVlc1U dDQ6rFSADwNB7BpStkfSzVlNEmp4zBov8s6yYzLa4wjIsRt7vvHHdCJtx41kLiiy nPslLjIe2kqtjzxvO8Fn/ll+Cq6Jy4fqAB+3/kiynhsW4rp68FCv9J3IL6BPZea7 R0QWbl4zqLdvml3Q3mGIWlsbN4jwJDkG/szsbOKgEXqyvvMVRu/LFn50niKrqWkY zSJYx30mUs+bfx2FZoCawrl9XaEF7xkmb1KR242sJmOQdNHsbAWbW6CqTrIJRIqq h2Otx1F//VBZjrdpqT8NJPax/SKK/3wZkYsOizfP8NxiyMeyescSTenwb7d2iMqL PTBaWxTYQoLNiN3OzokiibaoLN0vf8cQn4w6lLvmBIbPynrHGB14+O22Jgdm/REb PkcW5+gLLVwL17LKGQbFUbRDyOdyKpJh3xAOsl8uJQOn8w+q6bSn3684otQyHPhJ N803NrvTo7uLVakKJYdza1I2tNtgC3caIRUjfShbETlyW4jZESpcra1o3ta9R7zO pKZMl7KZSp2sLHhQQroD4HaDaIwWno/WahWlohQcYgkoYH4bD9k4sWQ/3j00xeGc UkyCgEdWb3PwZY3ybORv/rHm8w93ite73jq8e4v+QvlhQeyn7cESIvjQuCV4YJiJ ciTaR5PLxFY= =Qnw/ -----END PGP SIGNATURE-----