Relative Path Traversal in Fortinet FortiWLM Affects Multiple Versions
CVE-2023-42783

7.3HIGH

Key Information:

Vendor: Fortinet
Status: Fortiwlm
Vendor: CVE Published:; 14 November 2023

Summary

FortiWLM, a wireless LAN controller by Fortinet, is impacted by a relative path traversal vulnerability that allows an attacker to read arbitrary files on the system. This issue affects multiple versions, from 8.6.0 through 8.6.5, as well as earlier versions down to 8.2.2. Attackers can exploit this vulnerability through specially crafted HTTP requests to gain unauthorized access to sensitive information, thus highlighting the importance of timely software updates and security patches.

Affected Version(s)

FortiWLM 8.6.0 <= 8.6.6

FortiWLM 8.5.0 <= 8.5.4

FortiWLM 8.4.0 <= 8.4.2

References

https://fortiguard.com/psirt/FG-IR-23-143

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Sep 14, 2023