Fortinet has issued an advisory for a now-patched essential safety flaw impacting Wi-fi LAN Supervisor (FortiWLM) that would result in disclosure of delicate data.
The vulnerability, tracked as CVE-2023-34990, carries a CVSS rating of 9.6 out of a most of 10.0.
“A relative trail traversal [CWE-23] in FortiWLM might permit a far flung unauthenticated attacker to learn delicate recordsdata,” the corporate stated in an alert launched Wednesday.
On the other hand, in line with an outline of the protection flaw within the NIST’s Nationwide Vulnerability Database (NVD), the trail traversal vulnerability may be exploited by way of an attacker to “execute unauthorized code or instructions by means of specifically crafted internet requests.”
The flaw affects the next variations of the product –
- FortiWLM variations 8.6.0 thru 8.6.5 (Fastened in 8.6.6 or above)
- FortiWLM variations 8.5.0 thru 8.5.4 (Fastened in 8.5.5 or above)
The corporate credited Horizon3.ai safety researcher Zach Hanley for locating and reporting the inability. It is price bringing up right here that CVE-2023-34990 refers back to the “unauthenticated restricted report learn vulnerability” the cybersecurity corporate published again in March as a part of a broader set of six flaws in FortiWLM.
“This vulnerability lets in far flung, unauthenticated attackers to get entry to and abuse builtin capability intended to learn particular log recordsdata at the machine by means of a crafted request to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint,” Hanley stated on the time.
“This factor effects from the loss of enter validation on request parameters permitting an attacker to traverse directories and browse any log report at the machine.”
A a hit exploitation of CVE-2023-34990 may just permit the danger actor to learn FortiWLM log recordsdata and pay money for the consultation ID of a consumer and login, thereby permitting them to exploit authenticated endpoints as smartly.
To make issues worse, the attackers may just make the most of the truth that the internet consultation IDs are static between consumer classes to hijack them and acquire administrative permissions to the applying.
That isn’t all. An attacker may just additionally mix CVE-2023-34990 with CVE-2023-48782 (CVSS rating: 8.8), an authenticated command injection flaw that has additionally been mounted in FortiWLM 8.6.6, to procure far flung code execution within the context of root.
Additionally patched by way of Fortinet is a high-severity working machine command injection vulnerability in FortiManager that can permit an authenticated far flung attacker to execute unauthorized code by means of FGFM-crafted requests.
The vulnerability (CVE-2024-48889, CVSS rating: 7.2) has been addressed within the under variations –
- FortiManager 7.6.0 (Fastened in 7.6.1 or above)
- FortiManager variations 7.4.0 thru 7.4.4 (Fastened in 7.4.5 or above)
- FortiManager Cloud variations 7.4.1 thru 7.4.4 (Fastened in 7.4.5 or above)
- FortiManager variations 7.2.3 thru 7.2.7 (Fastened in 7.2.8 or above)
- FortiManager Cloud variations 7.2.1 thru 7.2.7 (Fastened in 7.2.8 or above)
- FortiManager variations 7.0.5 thru 7.0.12 (Fastened in 7.0.13 or above)
- FortiManager Cloud variations 7.0.1 thru 7.0.12 (Fastened in 7.0.13 or above)
- FortiManager variations 6.4.10 thru 6.4.14 (Fastened in 6.4.15 or above)
Fortinet additionally famous that numerous older fashions, 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, and 3900E, are suffering from CVE-2024-48889 supplied the “fmg-status” is enabled.
With Fortinet units changing into an assault magnet for danger actors, it’s good to that customers stay their cases up-to-date to safeguard towards possible threats.