Fortinet has recently issued a critical advisory regarding a significant security vulnerability affecting its Wireless LAN Manager, FortiWLM, which has been patched. This flaw has the potential to expose sensitive information and affects various versions of the FortiWLM software. The vulnerability, classified as CVE-2023-34990, has been assigned a high severity score of 9.6 on the CVSS scale. Although Fortinet addressed the issue on August 18, 2023, it was not formally recognized with a CVE at that time; this oversight was rectified in early September when an updated list of supported FortiOS versions was released.
According to Fortinet, “A relative path traversal [CWE-23] in FortiWLM may allow a remote unauthenticated attacker to read sensitive files.” This vulnerability enhances the risk profile for organizations using FortiWLM, especially since the National Vulnerability Database (NVD) suggests that an attacker could exploit this flaw to execute unauthorized commands through specially crafted web requests.
The vulnerability affects FortiWLM versions 8.6.0 through 8.6.5, and versions 8.5.0 through 8.5.4, with the corrected versions being 8.6.6 and 8.5.5 respectively. Security researcher Zach Hanley from Horizon3.ai was credited with discovering and reporting this issue, which is part of a broader set of flaws that were uncovered in March 2023.
Fortinet’s advisory states that this vulnerability enables remote, unauthenticated attackers to utilize built-in functionality to access log files via crafted requests directed at the endpoint /ems/cgi-bin/ezrf_lighttpd.cgi. The lack of adequate input validation on request parameters leads to directory traversal vulnerabilities, allowing attackers to read sensitive log files and retrieve user session IDs. This could potentially enable attackers to exploit authenticated endpoints, escalating their access further.
The exploitation of CVE-2023-34990 poses significant risks as it allows threat actors to hijack static web session IDs, which could grant them administrative access to the system. Additionally, attackers may also exploit the vulnerability in combination with CVE-2023-48782, another recently patched issue within FortiWLM, to achieve remote code execution with root privileges.
Fortinet has also addressed a high-severity operating system command injection vulnerability in FortiManager, which allows authenticated remote attackers to execute unauthorized code through specially crafted FGFM requests. This vulnerability, tracked as CVE-2024-48889 and rated at 7.2 on the CVSS scale, affects various versions of FortiManager.
As cyber threats increasingly target Fortinet devices, it is imperative for organizations utilizing these tools to maintain vigilance and promptly update their systems to mitigate potential security risks effectively. Regular monitoring of cybersecurity advisories and proactive patch management practices are essential to safeguarding against evolving threats in the digital landscape.
This incident not only highlights the vulnerabilities present but also reinforces the necessity for business owners to adhere to best practices in security. Adopting a defensive posture employing MITRE ATT&CK tactics, such as initial access, privilege escalation, and exploitation of vulnerable software, can greatly enhance an organization’s resilience against potential breaches.
