Network security specialists recently reported the finding of a security vulnerability in fortiAP CLI wireless access points developed by California-based technology firm Fortinet. This flaw can be exploited by some remote threat actor to trigger the execution of arbitrary commands on the target system by using specially designed ifconfig commands.
The vulnerability, tracked as CVE-2019-15708 and reported last February 10, allows the execution of arbitrary code on the target system, in addition potential attackers do not require authentication on the target system, so it is considered a serious security flaw.
The vulnerability was reported in a timely manner to Fortinet by NYC Cyber Command researchers.
Regarding potentially affected products, network security specialists mention that these are:
- FortiAP-S/W2, versions 6.2.1, 6.2.0, 6.0.5 and earlier
- FortiAP v6.0.5 and earlier
- FortiAP-U, any version prior to v6.0.0
The tech company has already released the corresponding security patches. Administrators of affected deployments should upgrade to the following versions:
- FortiAP-S/W2 6.0.6 or 6.2.2
- FortiAP 6.0.6
- FortiAP-U 6.0.0
For more information on updates and their installation, visit Fortinet’s official platforms, as well as official platforms for reporting and publicly disclose security vulnerabilities.
Network security threats appear consistently in the products and deployments of all industry members, making it vital for developers, manufacturers, and users to encourage security failure reporting, installation of security updates and other practices that contribute to the creation of a complete security environment.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.