Vulnerability / Network Security
Fortinet has issued an advisory regarding a recently patched critical security vulnerability affecting its Wireless LAN Manager (FortiWLM), which poses a risk of exposing sensitive information.
This vulnerability, identified as CVE-2023-34990, has been rated with a CVSS score of 9.6 out of 10, indicating a severe threat level.
“A relative path traversal [CWE-23] within FortiWLM may enable a remote unauthenticated attacker to access sensitive files,” the company stated in a notification released on Wednesday.
Furthermore, according to the National Vulnerability Database (NVD), this path traversal vulnerability could potentially allow attackers to execute unauthorized commands through specially crafted web requests.
Fortinet highlighted that the flaw impacts the following product versions:
- FortiWLM versions 8.6.0 to 8.6.5 (fixed in 8.6.6 or above)
- FortiWLM versions 8.5.0 to 8.5.4 (fixed in 8.5.5 or above)
The discovery of this vulnerability has been credited to Zach Hanley, a security researcher at Horizon3.ai. Notably, CVE-2023-34990 refers to a previously disclosed “unauthenticated limited file read vulnerability” that was part of a larger set of vulnerabilities in FortiWLM.
“This vulnerability allows remote, unauthenticated attackers to exploit built-in functionalities intended to access specific log files on the system via modified requests,” Hanley explained.
Successful exploitation of CVE-2023-34990 can allow attackers to access FortiWLM log files, compromising session IDs and other sensitive data, which in turn facilitates the exploitation of authenticated endpoints.
The static nature of web session IDs between user sessions further exacerbates the issue, enabling attackers to hijack sessions and gain administrative access to the system.
Moreover, attackers could combine this vulnerability with CVE-2023-48782 (CVSS score: 8.8), which is an authenticated command injection flaw also patched in FortiWLM 8.6.6, to achieve remote code execution with root privileges.
Additionally, Fortinet has addressed a high-severity operating system command injection vulnerability in FortiManager, which may permit authenticated attackers to execute unauthorized code through crafted requests.
Fortinet has rolled out patches in the following versions to rectify this vulnerability (CVE-2024-48889, CVSS score: 7.2):
- FortiManager 7.6.0 (fixed in 7.6.1 or higher)
- FortiManager versions 7.4.0 to 7.4.4 (fixed in 7.4.5 or higher)
- FortiManager Cloud versions 7.4.1 to 7.4.4 (fixed in 7.4.5 or higher)
- FortiManager versions 7.2.3 to 7.2.7 (fixed in 7.2.8 or higher)
- FortiManager Cloud versions 7.2.1 to 7.2.7 (fixed in 7.2.8 or higher)
- FortiManager versions 7.0.5 to 7.0.12 (fixed in 7.0.13 or higher)
- FortiManager Cloud versions 7.0.1 to 7.0.12 (fixed in 7.0.13 or higher)
- FortiManager versions 6.4.10 to 6.4.14 (fixed in 6.4.15 or higher)
Fortinet has also noted that several older models, including 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, and 3900E, are susceptible to CVE-2024-48889 if the “fmg-status” feature is activated.
With Fortinet devices increasingly targeted by cybercriminals, it is vital for users to keep their systems updated to mitigate potential risks.
To enliven our content, please see the image below:
If you found this article insightful, follow us on Twitter and LinkedIn for more exclusive content.
Article has been taken from thehackernews.com: https://thehackernews.com/2024/12/fortinet-warns-of-critical-fortiwlm.html
