Introduction
Fortinet has released critical advisories and patches addressing significant vulnerabilities in its Wireless LAN Manager (FortiWLM) and FortiManager products. These vulnerabilities could potentially allow attackers to execute unauthorized code or commands remotely, posing severe security risks.
Description
Fortinet has issued urgent advisories and patches regarding critical vulnerabilities affecting its Wireless LAN Manager (FortiWLM) and FortiManager products, which could allow attackers to execute unauthorized code or commands remotely [3].
The most severe vulnerability [1], CVE-2023-34990 [1] [2] [3] [4] [5], is a critical security flaw in FortiWLM [3], with a CVSS score of 9.6 [1] [2] [3] [4]. This vulnerability involves inadequate input validation on incoming web requests, specifically due to improper validation of the imagename parameter in the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint [3]. It enables unauthenticated remote attackers to perform relative path traversal, allowing them to read sensitive files and execute arbitrary code, thereby gaining full system control through specially crafted payloads [4]. Successful exploitation can lead to administrative access [4], manipulation of network settings [4], monitoring of sensitive communications [4], and disruption of wireless services [4]. The affected versions include FortiWLM 8.6 (8.6.0 through 8.6.5) and FortiWLM 8.5 (8.5.0 through 8.5.4) [3], with fixes available in FortiWLM 8.6.6 or above and 8.5.5 or above, respectively.
Additionally, CVE-2023-48782 affects FortiManager [3], a centralized security management platform [3], and is rated CVSS 8.8. This vulnerability results from improper neutralization of special elements in OS commands [3], potentially allowing authenticated attackers to execute arbitrary code remotely [3]. When exploited in conjunction with CVE-2023-34990 [1] [5], it can lead to root-level remote code execution. The affected versions include FortiManager 7.6 (7.6.0), 7.4 (7.4.0 through 7.4.4), 7.4 Cloud (7.4.1 through 7.4.4), 7.2 (7.2.3 through 7.2.7), 7.2 Cloud (7.2.1 through 7.2.7), 7.0 (7.0.5 through 7.0.12), 7.0 Cloud (7.0.1 through 7.0.12) [3], and 6.4 (6.4.10 through 6.4.14) [3]. Older FortiAnalyzer models with the fmg-status feature enabled are also impacted [3]. Users are strongly advised to upgrade to the latest versions to mitigate these risks.
Given Fortinet’s status as a frequent target for cyberattacks [5], organizations using FortiWLM and FortiManager are urged to apply the necessary updates immediately. Proactive patching [4], network monitoring [4], and enforcement of security policies are essential to mitigate potential attacks [4], and continued vigilance is necessary as further information on exploitation methods may emerge [4].
Conclusion
The vulnerabilities in Fortinet’s FortiWLM and FortiManager products present significant security threats, necessitating immediate action from users. By applying the recommended patches and updates, organizations can protect themselves from potential exploitation. Continuous monitoring and adherence to robust security policies are crucial in safeguarding against future threats, as the landscape of cyber threats continues to evolve.
References
[1] https://clickcontrol.com/cyber-crime/critical-fortinet-flaw-exposes-networks-to-unauthorized-admin-access-patch-now/
[2] https://cyber.vumetric.com/security-news/2024/12/19/fortinet-warns-of-critical-fortiwlm-flaw-that-could-lead-to-admin-access-exploits/
[3] https://cybersecuritynews.com/fortinet-remote-code-vulnerability/
[4] https://cybersecsentinel.com/fortiwlm-security-alert-critical-remote-code-execution-flaw-discovered/
[5] https://www.darkreading.com/vulnerabilities-threats/fortinet-addresses-unpatched-critical-rce-vector
