Path Traversal Vulnerability in Fortinet FortiWLM
CVE-2023-34990

9.6CRITICAL

Key Information:

Vendor
Fortinet
Status
Fortiwlm
Vendor
CVE Published:
18 December 2024

Badges

📈 Score: 1,450👾 Exploit Exists📰 News Worthy

What is CVE-2023-34990?

CVE-2023-34990 is a significant vulnerability affecting Fortinet’s FortiWLM, a wireless LAN management solution designed to help organizations deploy and manage wireless networks effectively. This vulnerability arises due to a relative path traversal issue in specific versions of the software, enabling attackers to execute unauthorized code or commands. The exploitation of this vulnerability can lead to unauthorized access and control over network systems, ultimately jeopardizing the integrity and confidentiality of organizational data.

Technical Details

The vulnerability exists in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4. It permits an attacker to manipulate web requests in a way that allows for unauthorized code execution. This technical flaw can be exploited without needing physical access to the device or network, making it particularly concerning for organizations relying on FortiWLM for their wireless infrastructure.

Potential impact of CVE-2023-34990

  1. Unauthorized Code Execution: Attackers can execute arbitrary code on affected Fortinet systems, potentially allowing them to install malware, exfiltrate sensitive information, or further compromise network resources.

  2. Network Compromise: The capability to run commands without authorization can lead to substantial disruption in network operations, including rerouting traffic or disabling critical services, which can affect business continuity.

  3. Data Breaches: Exploitation of this vulnerability could result in unauthorized access to sensitive data, posing a risk of data leaks or breaches that can have long-lasting ramifications for organizational reputation and compliance with regulatory standards.

Affected Version(s)

FortiWLM 8.6.0 <= 8.6.5

FortiWLM 8.5.0 <= 8.5.4

News Articles

favicon imageDataconomy

Fortinet urges immediate action: Critical RCE flaw exposes systems

Fortinet has addressed critical vulnerabilities in its Wireless LAN Manager (FortiWLM) that could lead to unauthenticated remote code execution (RCE) and

1 month ago

favicon image

Fortinet Addresses Unpatched Critical RCE Vector

Fortinet has patched CVE-2023-34990 and CVE-2023-48782 in its Wireless LAN Manager (FortiWLM), which combined allow for unauthenticated remote code execution (RCE) and the ability to read all log files.

1 month ago

favicon imageBleepingComputer

Fortinet warns of FortiWLM bug giving hackers admin privileges

Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests.

1 month ago

References

https://fortiguard.com/psirt/FG-IR-23-144

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by Cyber Security News

  • Vulnerability published

  • Vulnerability Reserved

.