Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

Dec 19, 2024 Ravie Lakshmanan Vulnerability / Network Security

Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to the disclosure of sensitive information.

The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0.

“A relative path traversal [CWE-23] in FortiWLM may allow a remote unauthenticated attacker to read sensitive files,” the company said in an alert released Wednesday.

However, according to a description of the security flaw in NIST’s National Vulnerability Database (NVD), the path traversal vulnerability could be exploited by an attacker to “execute unauthorized code or commands via specially crafted web requests.”


The flaw affects the following versions of the product –

  • FortiWLM versions 8.6.0 through 8.6.5 (Fixed in 8.6.6 or above)
  • FortiWLM versions 8.5.0 through 8.5.4 (Fixed in 8.5.5 or above)

The company credited Horizon3.ai security researcher Zach Hanley for discovering and reporting the shortcoming. It is worth noting here that CVE-2023-34990 refers to the “unauthenticated limited file read vulnerability” the cybersecurity company disclosed back in March as part of a broader set of six flaws in FortiWLM.

“This vulnerability allows remote, unauthenticated attackers to access and abuse builtin functionality meant to read specific log files on the system via a crafted request to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint,” Hanley said at the time.

“This issue results from the lack of input validation on request parameters allowing an attacker to traverse directories and read any log file on the system.”
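As an added, defender-side example (not code from the article, Fortinet or Horizon3.ai), the following Python checker scans web-server access logs for requests to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint whose query parameters, once percent-decoding (including double encoding) is undone, would step out of a log directory, which is the CWE-23 pattern Hanley describes. The sample log lines and the parameter names `cmd` and `file` are constructed; the article does not name the vulnerable parameters.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint named in the Horizon3.ai write-up quoted above.
ENDPOINT = "/ems/cgi-bin/ezrf_lighttpd.cgi"

# Constructed sample access-log lines (common log format, not real traffic). The
# query parameter names ("cmd", "file") are hypothetical; the article does not name them.
SAMPLE_LOG = """\
10.0.0.5 - - [19/Dec/2024:10:01:02 +0000] "GET /ems/cgi-bin/ezrf_lighttpd.cgi?cmd=getLog&file=system.log HTTP/1.1" 200 4096
10.0.0.9 - - [19/Dec/2024:10:01:07 +0000] "GET /ems/cgi-bin/ezrf_lighttpd.cgi?cmd=getLog&file=..%2F..%2F..%2Fvar%2Flog%2Fmessages HTTP/1.1" 200 1420
10.0.0.9 - - [19/Dec/2024:10:01:09 +0000] "GET /ems/cgi-bin/ezrf_lighttpd.cgi?cmd=getLog&file=%252e%252e%252fauth.log HTTP/1.1" 403 0
10.0.0.7 - - [19/Dec/2024:10:02:00 +0000] "GET /index.html?file=..%2Fx HTTP/1.1" 200 512
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def fully_decode(value: str, rounds: int = 3) -> str:
    """Peel up to `rounds` layers of percent-encoding so double-encoded %252e%252e is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_log_dir(value: str) -> bool:
    """True if a file-name parameter would step outside a fixed log directory (the CWE-23 pattern)."""
    decoded = fully_decode(value).replace("\\", "/")
    if decoded.startswith("/"):        # absolute path instead of a bare file name
        return True
    return ".." in decoded.split("/")  # any parent-directory segment

def find_traversal_attempts(log_text: str) -> list[dict]:
    """One record per request to ENDPOINT whose query string carries a traversal value."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        url = urlsplit(m["target"]) if m else None
        if url is None or url.path != ENDPOINT:
            continue
        for param, raw in parse_qsl(url.query, keep_blank_values=True):
            if escapes_log_dir(raw):
                hits.append({"ip": m["ip"], "ts": m["ts"], "param": param,
                             "decoded": fully_decode(raw), "status": int(m["status"])})
                break  # one alert per request line
    return hits
```

Run against the constructed sample, the checker flags only the two requests from 10.0.0.9; the traversal string aimed at /index.html is ignored because it does not hit the endpoint in question, and the HTTP 200 on the first hit is the case worth escalating.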

Successful exploitation of CVE-2023-34990 could allow the threat actor to read FortiWLM log files and obtain the session ID of a user and log in, thereby allowing them to exploit authenticated endpoints as well.

To make matters worse, the attackers could take advantage of the fact that the web session IDs are static between user sessions to hijack them and gain administrative permissions to the appliance.

That's not all. An attacker could also combine CVE-2023-34990 with CVE-2023-48782 (CVSS score: 8.8), an authenticated command injection flaw that has also been fixed in FortiWLM 8.6.6, to obtain remote code execution in the context of root.

Also patched by Fortinet is a high-severity operating system command injection vulnerability in FortiManager that could allow an authenticated remote attacker to execute unauthorized code via FGFM-crafted requests.


The vulnerability (CVE-2024-48889, CVSS score: 7.2) has been addressed in the following versions –

  • FortiManager 7.6.0 (Fixed in 7.6.1 or above)
  • FortiManager versions 7.4.0 through 7.4.4 (Fixed in 7.4.5 or above)
  • FortiManager Cloud versions 7.4.1 through 7.4.4 (Fixed in 7.4.5 or above)
  • FortiManager versions 7.2.3 through 7.2.7 (Fixed in 7.2.8 or above)
  • FortiManager Cloud versions 7.2.1 through 7.2.7 (Fixed in 7.2.8 or above)
  • FortiManager versions 7.0.5 through 7.0.12 (Fixed in 7.0.13 or above)
  • FortiManager Cloud versions 7.0.1 through 7.0.12 (Fixed in 7.0.13 or above)
  • FortiManager versions 6.4.10 through 6.4.14 (Fixed in 6.4.15 or above)

Fortinet also noted that a number of older models, 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, and 3900E, are affected by CVE-2024-48889 provided the “fmg-status” is enabled.

With Fortinet devices becoming an attack magnet for threat actors, it is essential that users keep their instances up-to-date to safeguard against potential threats.
