CVE-2024-26012
CVSS 3.1 Score 6.7 of 10 (medium)
Details
Summary
CVE-2024-26012 is a newly disclosed vulnerability affecting various versions of Fortinet FortiAP-S, FortiAP-W2, FortiAP 6.x, and FortiAP 7.x. It is caused by improper neutralization of special elements used in an OS command (OS command injection) and permits a local, authenticated attacker to inject unauthorized code via the Command-Line Interface (CLI). FortiAP devices running FortiOS 6.2, 6.4.0 through 6.4.9, 7.0, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 are all susceptible to this vulnerability. A successful exploit could lead to arbitrary code execution, potential privilege escalation, and unauthorized system access. Fortinet strongly advises users to update their affected FortiAP devices to the latest patches to mitigate this risk.