CVE-2023-36634 - Vulnerability Details - OpenCVE

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00212.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Fortinet	Fortiap-u

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortiap-u::::::::
	cpe:2.3:a:fortinet:fortiap-u::::::::
	cpe:2.3:a:fortinet:fortiap-u::::::::
	cpe:2.3:a:fortinet:fortiap-u:7.0.0:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-40578	An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments.

Fixes

Solution

Please upgrade to FortiAP-U version 7.0.1 or above Please upgrade to FortiAP-U version 6.2.6 or above

Workaround

No workaround given by the vendor.

References

Link	Providers
https://fortiguard.com/psirt/FG-IR-23-123

History

Tue, 24 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2023-09-13T12:29:31.577Z

Updated: 2024-09-24T19:59:21.111Z

Reserved: 2023-06-25T18:03:39.226Z

Link: CVE-2023-36634

Vulnrichment

Updated: 2024-08-02T16:52:53.999Z

NVD

Status : Modified

Published: 2023-09-13T13:15:08.883

Modified: 2024-11-21T08:10:08.287

Link: CVE-2023-36634

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36634", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-06-25T18:03:39.226Z", "datePublished": "2023-09-13T12:29:31.577Z", "dateUpdated": "2024-09-24T19:59:21.111Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiAP-U", "defaultStatus": "unaffected", "versions": [{"version": "7.0.0", "status": "affected"}, {"versionType": "semver", "version": "6.2.0", "lessThanOrEqual": "6.2.5", "status": "affected"}, {"versionType": "semver", "version": "6.0.0", "lessThanOrEqual": "6.0.4", "status": "affected"}, {"versionType": "semver", "version": "5.4.3", "lessThanOrEqual": "5.4.6", "status": "affected"}, {"version": "5.4.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-09-13T12:29:31.577Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-73", "description": "Improper access control", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:X/RC:R"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiAP-U version 7.0.1 or above Please upgrade to FortiAP-U version 6.2.6 or above "}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-123", "url": "https://fortiguard.com/psirt/FG-IR-23-123"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:52:53.999Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-123", "url": "https://fortiguard.com/psirt/FG-IR-23-123", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-24T19:45:17.934399Z", "id": "CVE-2023-36634", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T19:59:21.111Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-123", "name": "https://fortiguard.com/psirt/FG-IR-23-123", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:52:53.999Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-36634", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-24T19:45:17.934399Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T19:59:15.724Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:X/RC:R", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Fortinet", "product": "FortiAP-U", "versions": [{"status": "affected", "version": "7.0.0"}, {"status": "affected", "version": "6.2.0", "versionType": "semver", "lessThanOrEqual": "6.2.5"}, {"status": "affected", "version": "6.0.0", "versionType": "semver", "lessThanOrEqual": "6.0.4"}, {"status": "affected", "version": "5.4.3", "versionType": "semver", "lessThanOrEqual": "5.4.6"}, {"status": "affected", "version": "5.4.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiAP-U version 7.0.1 or above Please upgrade to FortiAP-U version 6.2.6 or above "}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-123", "name": "https://fortiguard.com/psirt/FG-IR-23-123"}], "descriptions": [{"lang": "en", "value": "An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "Improper access control"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-09-13T12:29:31.577Z"}}}, "cveMetadata": {"cveId": "CVE-2023-36634", "state": "PUBLISHED", "dateUpdated": "2024-09-24T19:59:21.111Z", "dateReserved": "2023-06-25T18:03:39.226Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2023-09-13T12:29:31.577Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BEF86D0-7255-4054-8AA7-4AA411C5FE32", "versionEndIncluding": "5.4.6", "versionStartIncluding": "5.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*", "matchCriteriaId": "607B4B16-A019-4DB5-A3D5-845B3C81E2CA", "versionEndIncluding": "6.0.4", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*", "matchCriteriaId": "D94D840D-28B9-45AB-952C-951710AA63CD", "versionEndIncluding": "6.2.5", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiap-u:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "743763F2-D4DE-4E9D-B112-7CA27C61A423", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments."}, {"lang": "es", "value": "Un filtrado incompleto de una o m\u00e1s instancias de vulnerabilidad de elementos especiales [CWE-792] en el int\u00e9rprete de l\u00ednea de comando de FortiAP-U 7.0.0, 6.2.0 a 6.2.5, 6.0 todas las versiones, 5.4 todas las versiones puede permitir un atacante autenticado para enumerar y eliminar archivos y directorios arbitrarios mediante argumentos de comandos especialmente manipulados."}], "id": "CVE-2023-36634", "lastModified": "2024-11-21T08:10:08.287", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-13T13:15:08.883", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-123"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-123"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}], "source": "psirt@fortinet.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}