Path Traversal Vulnerability in Fortinet FortiWLM

CVE-2023-34990

9.6 CRITICAL

Key Information

Vendor: Fortinet
Status
Fortiwlm
Vendor
CVE Published: 18 December 2024

Badges

👾 Exploit Exists, 📰 News Worthy

Summary

CVE-2023-34990 represents a critical path traversal vulnerability in Fortinet's FortiWLM product. This vulnerability affects multiple versions of the software, allowing an attacker to execute unauthorized commands through specially crafted web requests. If exploited, this could lead to severe security breaches, enabling attackers to affect the integrity and availability of affected systems. Organizations using FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 are strongly advised to review their configurations and apply necessary updates to mitigate the risks associated with this vulnerability. For more details, please refer to the FortiGuard advisory.

Affected Version(s)

FortiWLM <= 8.6.5

FortiWLM <= 8.5.4

News Articles

Fortinet urges immediate action: Critical RCE flaw exposes systems

Fortinet has addressed critical vulnerabilities in its Wireless LAN Manager (FortiWLM) that could lead to unauthenticated remote code execution (RCE) and

2 days ago

Fortinet Addresses Unpatched Critical RCE Vector

Fortinet has patched CVE-2023-34990 and CVE-2023-48782 in its Wireless LAN Manager (FortiWLM), which combined allow for unauthenticated remote code execution (RCE) and the ability to read all log files.

2 days ago

Fortinet warns of FortiWLM bug giving hackers admin privileges

Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests.

3 days ago

References

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • First article discovered by Cyber Security News

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, 6 News Article(s)