Fortinet has issued an advisory for a now-patched essential safety flaw impacting Wi-fi LAN Supervisor (FortiWLM) that might result in disclosure of delicate info.
The vulnerability, tracked as CVE-2023-34990, carries a CVSS rating of 9.6 out of a most of 10.0.
“A relative path traversal [CWE-23] in FortiWLM could enable a distant unauthenticated attacker to learn delicate information,” the corporate stated in an alert launched Wednesday.
Nonetheless, in response to an outline of the safety flaw within the NIST’s Nationwide Vulnerability Database (NVD), the trail traversal vulnerability is also exploited by an attacker to “execute unauthorized code or instructions by way of specifically crafted internet requests.”
The flaw impacts the next variations of the product –
- FortiWLM variations 8.6.0 by means of 8.6.5 (Fastened in 8.6.6 or above)
- FortiWLM variations 8.5.0 by means of 8.5.4 (Fastened in 8.5.5 or above)
The corporate credited Horizon3.ai safety researcher Zach Hanley for locating and reporting the shortcoming. It is value mentioning right here that CVE-2023-34990 refers back to the “unauthenticated restricted file learn vulnerability” the cybersecurity firm revealed again in March as a part of a broader set of six flaws in FortiWLM.
“This vulnerability permits distant, unauthenticated attackers to entry and abuse builtin performance meant to learn particular log information on the system by way of a crafted request to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint,” Hanley stated on the time.
“This challenge outcomes from the dearth of enter validation on request parameters permitting an attacker to traverse directories and browse any log file on the system.”
A profitable exploitation of CVE-2023-34990 may enable the menace actor to learn FortiWLM log information and pay money for the session ID of a consumer and login, thereby permitting them to use authenticated endpoints as nicely.
To make issues worse, the attackers may reap the benefits of the truth that the net session IDs are static between consumer classes to hijack them and acquire administrative permissions to the equipment.
That is not all. An attacker may additionally mix CVE-2023-34990 with CVE-2023-48782 (CVSS rating: 8.8), an authenticated command injection flaw that has additionally been mounted in FortiWLM 8.6.6, to acquire distant code execution within the context of root.
Additionally patched by Fortinet is a high-severity working system command injection vulnerability in FortiManager which will enable an authenticated distant attacker to execute unauthorized code by way of FGFM-crafted requests.
The vulnerability (CVE-2024-48889, CVSS rating: 7.2) has been addressed within the under variations –
- FortiManager 7.6.0 (Fastened in 7.6.1 or above)
- FortiManager variations 7.4.0 by means of 7.4.4 (Fastened in 7.4.5 or above)
- FortiManager Cloud variations 7.4.1 by means of 7.4.4 (Fastened in 7.4.5 or above)
- FortiManager variations 7.2.3 by means of 7.2.7 (Fastened in 7.2.8 or above)
- FortiManager Cloud variations 7.2.1 by means of 7.2.7 (Fastened in 7.2.8 or above)
- FortiManager variations 7.0.5 by means of 7.0.12 (Fastened in 7.0.13 or above)
- FortiManager Cloud variations 7.0.1 by means of 7.0.12 (Fastened in 7.0.13 or above)
- FortiManager variations 6.4.10 by means of 6.4.14 (Fastened in 6.4.15 or above)
Fortinet additionally famous that quite a lot of older fashions, 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, and 3900E, are affected by CVE-2024-48889 offered the “fmg-status” is enabled.
With Fortinet gadgets changing into an assault magnet for menace actors, it is important that customers preserve their situations up-to-date to safeguard in opposition to potential threats.