0.4 C
Washington
Monday, December 23, 2024

Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

Must read

Fortinet has issued an advisory for a now-patched important safety flaw impacting Wi-fi LAN Supervisor (FortiWLM) that would result in disclosure of delicate data.

The vulnerability, tracked as CVE-2023-34990, carries a CVSS rating of 9.6 out of a most of 10.0. It was initially mounted by Fortinet again in September 2023, however with no CVE designation.

“A relative path traversal [CWE-23] in FortiWLM might permit a distant unauthenticated attacker to learn delicate information,” the corporate mentioned in an alert launched Wednesday.

Nevertheless, based on an outline of the safety flaw within the NIST’s Nationwide Vulnerability Database (NVD), the trail traversal vulnerability may be exploited by an attacker to “execute unauthorized code or instructions through specifically crafted net requests.”

The flaw impacts the next variations of the product –

  • FortiWLM variations 8.6.0 by 8.6.5 (Mounted in 8.6.6 or above)
  • FortiWLM variations 8.5.0 by 8.5.4 (Mounted in 8.5.5 or above)

The corporate credited Horizon3.ai safety researcher Zach Hanley for locating and reporting the shortcoming. It is value mentioning right here that CVE-2023-34990 refers back to the “unauthenticated restricted file learn vulnerability” the cybersecurity firm revealed again in March as a part of a broader set of six flaws in FortiWLM.

“This vulnerability permits distant, unauthenticated attackers to entry and abuse builtin performance meant to learn particular log information on the system through a crafted request to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint,” Hanley mentioned on the time.

“This subject outcomes from the dearth of enter validation on request parameters permitting an attacker to traverse directories and browse any log file on the system.”

See also  New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

A profitable exploitation of CVE-2023-34990 might permit the risk actor to learn FortiWLM log information and pay money for the session ID of a consumer and login, thereby permitting them to take advantage of authenticated endpoints as nicely.

To make issues worse, the attackers might reap the benefits of the truth that the net session IDs are static between consumer classes to hijack them and achieve administrative permissions to the equipment.

That is not all. An attacker might additionally mix CVE-2023-34990 with CVE-2023-48782 (CVSS rating: 8.8), an authenticated command injection flaw that has additionally been mounted in FortiWLM 8.6.6, to acquire distant code execution within the context of root.

Individually patched by Fortinet is a high-severity working system command injection vulnerability in FortiManager that will permit an authenticated distant attacker to execute unauthorized code through FGFM-crafted requests.

The vulnerability (CVE-2024-48889, CVSS rating: 7.2) has been addressed within the under variations –

  • FortiManager 7.6.0 (Mounted in 7.6.1 or above)
  • FortiManager variations 7.4.0 by 7.4.4 (Mounted in 7.4.5 or above)
  • FortiManager Cloud variations 7.4.1 by 7.4.4 (Mounted in 7.4.5 or above)
  • FortiManager variations 7.2.3 by 7.2.7 (Mounted in 7.2.8 or above)
  • FortiManager Cloud variations 7.2.1 by 7.2.7 (Mounted in 7.2.8 or above)
  • FortiManager variations 7.0.5 by 7.0.12 (Mounted in 7.0.13 or above)
  • FortiManager Cloud variations 7.0.1 by 7.0.12 (Mounted in 7.0.13 or above)
  • FortiManager variations 6.4.10 by 6.4.14 (Mounted in 6.4.15 or above)

Fortinet additionally famous that quite a few older fashions, 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, and 3900E, are affected by CVE-2024-48889 offered the “fmg-status” is enabled.

See also  SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan

With Fortinet units turning into an assault magnet for risk actors, it is important that customers maintain their cases up-to-date to safeguard in opposition to potential threats.

Related News

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News