cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-26012,https://securityvulnerability.io/vulnerability/CVE-2024-26012,OS Command Injection Vulnerability in Fortinet FortiAP Products,"An OS command injection vulnerability exists in various Fortinet FortiAP products due to improper neutralization of special characters in OS commands. This vulnerability allows a local authenticated attacker to exploit the command-line interface (CLI) and execute unauthorized code, potentially compromising the security of the device. Affected versions span multiple releases, necessitating immediate action to mitigate risks.",Fortinet,"Fortiap-s,Fortiap-w2,Fortiap",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2023-36634,https://securityvulnerability.io/vulnerability/CVE-2023-36634,Vulnerability in FortiAP Command Line Interpreter Impacts File Management,"The vulnerability in the command line interpreter of FortiAP may allow authenticated attackers to list and delete arbitrary files and directories by leveraging specially crafted command arguments. This issue arises from an incomplete filtering of special elements, presenting significant risks in file management tasks. Administrators should ensure their systems are updated and patched against this vulnerability to prevent unauthorized access and potential data manipulation.",Fortinet,Fortiap-u,6.5,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-09-13T13:15:00.000Z,0
CVE-2023-25608,https://securityvulnerability.io/vulnerability/CVE-2023-25608,Incomplete Filtering Vulnerability in Fortinet FortiAP Products,"Fortinet's FortiAP series, including various versions of FortiAP-W2, FortiAP-C, and FortiAP-U, are susceptible to an incomplete filtering vulnerability. This flaw allows an authenticated attacker to exploit the command line interpreter, potentially gaining unauthorized access to sensitive files by leveraging specially crafted command arguments. Admins must be vigilant to patch affected versions and safeguard their networks against this vector of attack.",Fortinet,"Fortiap-w2,Fortiap-c,Fortiap,Fortiap-u,Fortiap-s",5.2,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-09-13T13:15:00.000Z,0
CVE-2022-29058,https://securityvulnerability.io/vulnerability/CVE-2022-29058,OS Command Injection Vulnerability in FortiAP Products by Fortinet,"An OS command injection vulnerability exists in the command line interpreter of multiple FortiAP products. This issue arises from improper neutralization of special elements, allowing an authenticated attacker to execute unauthorized commands by crafting specific arguments to existing commands. This highlights the importance of secure coding practices to mitigate potential exploitation.",Fortinet,"Fortinet Fortiap, Fortiap-s, Fortiap-w2, Fortiap-u",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-09-06T15:10:15.000Z,0
CVE-2022-30301,https://securityvulnerability.io/vulnerability/CVE-2022-30301,Path Traversal Vulnerability in FortiAP-U CLI by Fortinet,"A path traversal vulnerability in FortiAP-U CLI allows admin users to access unauthorized files and potentially delete sensitive data by exploiting crafted CLI commands. This issue exists across multiple versions including 6.2.0 to 6.2.3, 6.0.0 to 6.0.4, and 5.4.0 to 5.4.6, making it crucial for organizations utilizing FortiAP-U CLI to review their configurations and limit administrative command access to prevent potential compromises.",Fortinet,Fortinet Fortiap-u,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-07-18T16:35:46.000Z,0
CVE-2022-22301,https://securityvulnerability.io/vulnerability/CVE-2022-22301,OS Command Injection Vulnerability in FortiAP-C Console by Fortinet,"An OS Command injection vulnerability exists in the FortiAP-C console, affecting versions 5.4.0 through 5.4.3 and 5.2.0 through 5.2.1. This issue arises due to improper neutralization of special elements used in command-line interface (CLI) commands, which allows an authenticated attacker to leverage crafted arguments to execute unauthorized commands. Successful exploitation can lead to significant security breaches within the affected systems.",Fortinet,Fortinet Fortiap-c,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-03-02T10:00:19.000Z,0
CVE-2021-26106,https://securityvulnerability.io/vulnerability/CVE-2021-26106,OS Command Injection Vulnerability in FortiAP Products,"An OS command injection flaw exists in FortiAP devices, where an authenticated user can exploit specific crafted arguments to run unauthorized commands via the kdbg CLI command. This vulnerability can potentially lead to unauthorized system manipulation, emphasizing the importance of applying security updates to affected FortiAP versions.",Fortinet,"Fortinet Fortiap-w2, Fortiap-s, Fortiap",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-07-09T18:26:30.000Z,0
CVE-2019-15709,https://securityvulnerability.io/vulnerability/CVE-2019-15709,Improper Input Validation in FortiAP Products by Fortinet,"An improper input validation issue in FortiAP products permits unauthorized administrators to execute specially crafted tcpdump commands in the CLI. This flaw results in the potential for system file overwriting, posing significant risks to the integrity and security of the affected systems. It is essential for administrators to apply the latest patches and implement proper security measures to mitigate the risks associated with this vulnerability.",Fortinet,"Fortinet Fortiap-s/w2, Fortiap-u",6.5,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2020-06-01T18:37:21.000Z,0
CVE-2019-17657,https://securityvulnerability.io/vulnerability/CVE-2019-17657,"Uncontrolled Resource Consumption in Fortinet FortiSwitch, FortiAnalyzer, FortiManager, and FortiAP","An Uncontrolled Resource Consumption vulnerability exists in Fortinet's FortiSwitch, FortiAnalyzer, FortiManager, and FortiAP products. This issue allows an attacker to exploit specially crafted HTTP requests and responses, leading to a Denial of Service (DoS) condition on the admin webUI. The vulnerability is particularly sensitive to Slow HTTP DoS attacks, which can disrupt the normal operation of these devices and affect service availability.",Fortinet,"Fortinet Fortiswitch,Fortianalyzer,Fortimanager,Fortiap-s/w2",7.5,HIGH,0.0022299999836832285,false,,false,false,false,,,false,false,,2020-04-07T17:11:07.000Z,0
CVE-2019-15708,https://securityvulnerability.io/vulnerability/CVE-2019-15708,Command Injection Vulnerability in Fortinet FortiAP Products,"A command injection vulnerability exists in Fortinet's FortiAP products, specifically within the CLI admin console. This issue allows unauthorized administrators to execute arbitrary system-level commands through specially crafted ifconfig commands. Affected versions include FortiAP-S/W2 6.2.1, 6.2.0, FortiAP 6.0.5 and earlier, as well as FortiAP-U versions below 6.0.0. Organizations using these products are advised to take immediate action to mitigate risks.",Fortinet,"Fortinet Fortiap-s/w2,Fortinet Fortiap-u,Fortinet Fortiap",6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-03-15T22:27:49.000Z,0