Fortinet has warned about a critical security vulnerability in its Wireless LAN Manager, FortiWLM, software identified as CVE-2023-349990.
Fortinet has warned about a critical security vulnerability in its Wireless LAN Manager, FortiWLM, software identified as CVE-2023-349990.
With a CVSS score of 9.6, this path traversal vulnerability enables attackers to exploit improper input validation without authentication remotely. The vulnerability allows them to access sensitive files and potentially gain unauthorised administrator privileges, posing a significant risk to affected systems.
FortiWLM, an application suite for wireless device management, allows enterprises to monitor, manage, and control wireless networks integrated with Fortinet firewalls, all centralised under FortiManager.
The vulnerability CVE-2023-349990 in FortiWLM, discovered by Zach Hanley of Horizon3.ai, allows remote, unauthenticated attackers to access system log files via a crafted request to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint. The flaw results from insufficient input validation, allowing attackers to traverse directories and read any log file.
This vulnerability affects FortiWLM versions 8.6.0 to 8.6.5 and 8.5.0 to 8.5.4 and has fixed both the vulnerabilities in FortiWLM versions 8.6.6 to 8.5.5
The directory traversal flaw allows attackers to send crafted requests to a specific endpoint in FortiWLM and retrieve arbitrary log files containing administrator session ID tokens. As the web session ID remains static for authenticated users, attackers can impersonate the administrator and perform administrative actions.
Zach Hanley from Horizon3.ai warned that an attacker who obtains the session ID could hijack sessions and gain administrative access. However, it remains unclear why Fortinet didn't patch this vulnerability alongside another issue last year, and further clarification is pending from both Fortinet and Horizon3.ai.
In addition to CVE-2023-349990, attackers could combine this vulnerability with CVE-2023-48782(CVSS 8.6), an authenticated command injection flaw, to achieve remote code execution with root privileges. Both the vulnerabilities have been fixed in FortiWLM8.6.6
Fortinet also patched a high-severity OS command injection vulnerability in FortiManager, which could allow an authenticated remote attacker to execute unauthorised code through specially crafted FGFM requests.
Want your digital assets to be protected?
CyberShelter provides innovative and modern cybersecurity products and niche services to individuals and organization against all kinds of cyber threats.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.