CVE-2023-25608 Information

Description

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1 7.0.3 through 7.0.5 7.0.0 through 7.0.1 6.4 all versions 6.2 all versions 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4 5.2 all versions; FortiAP 7.2.0 through 7.2.1 7.0.0 through 7.0.5 6.4 all versions 6.0 all versions; FortiAP-U 7.0.0 6.2.0 through 6.2.5 6.0 all versions 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.

Reference

https://fortiguard.com/psirt/FG-IR-22-120