Fortinet warnt vor FortiWLM-Bug, der Hackern Admin-Rechte verleiht

Teilen:

Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests.

FortiWLM is a centralized management tool for monitoring, managing, and optimizing wireless networks. It’s used by government agencies, healthcare organizations, educational institutions, and large enterprises.

The flaw, tracked as CVE-2023-34990, is a relative path traversal flaw rated with a score of 9.8.

Horizon3 researcher Zach Hanley discovered and disclosed the vulnerability to Fortinet in May 2023. However, the flaw remained unfixed ten months later, and Hanley decided to disclose information and a POC it on March 14, 2024 in a technical writeup about other Fortinet flaws he discovered.

Stealing Admin session IDs
The issue allows unauthenticated attackers to exploit improper input validation in the ‘/ems/cgi-bin/ezrf_lighttpd.cgi’ endpoint.

By using directory traversal techniques in the ‘imagename’ parameter when the ‘op_type’ is set to ‘upgradelogs,’ attackers can read sensitive log files from the system.

These logs often contain administrator session IDs, which can be used to hijack admin sessions and gain privileged access, allowing threat actors to take over devices.

“Abusing the lack of input validation, an attacker can construct a request where the imagename parameter contains a path traversal, allowing the attacker to read any log file on the system,” explained Hanley.

“Luckily for an attacker, the FortiWLM has very verbose logs – and logs the session ID of all authenticated users. Abusing the above arbitrary log file read, an attacker can now obtain the session ID of a user and login and also abuse authenticated endpoints.”

The flaw affects FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4.

Despite the researcher’s public warning, the lack of a CVE ID (at the time) and a security bulletin meant that users were unaware of the risk and needed to upgrade to a safe version.

According to the security bulletin Fortinet published yesterday, on December 18, 2024, CVE-2023-34990 was fixed in FortiWLM versions 8.6.6 and 8.5.5, released at the end of September 2023.

CVE-2023-34990 was a zero-day vulnerability for roughly four months, with FortiWLM users first learning about it 10 months after its discovery in Hanley’s writeup. However, it took Fortinet an additional 9 months to release a public security bulletin.

Given its deployment in critical environments, FortiWLM can be a valuable target for attackers, as compromising it remotely could lead to network-wide disruptions and sensitive data exposure.

Therefore, it is strongly advised that FortiWLM admins apply all available updates as they become available.

Bill Toulas

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
4:19 pm, Feb. 6, 2025
Wetter-Symbol 7°C
L: 6° | H: 8°
broken clouds
Luftfeuchtigkeit: 73 %
Druck: 1040 mb
Wind: 10 mph NE
Windböe: 0 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 75%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 7:30 am
Sonnenuntergang: 4:58 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 9:00 pm
Wetter-Symbol
6° | 8°°C 0 mm 0% 12 mph 81 % 1040 mb 0 mm/h
Tomorrow 9:00 pm
Wetter-Symbol
4° | 5°°C 1 mm 100% 13 mph 95 % 1036 mb 0 mm/h
Sa. Feb. 08 9:00 pm
Wetter-Symbol
4° | 6°°C 1 mm 100% 11 mph 96 % 1027 mb 0 mm/h
So. Feb. 09 9:00 pm
Wetter-Symbol
5° | 8°°C 0 mm 0% 10 mph 96 % 1039 mb 0 mm/h
Mo. Feb. 10 9:00 pm
Wetter-Symbol
3° | 4°°C 1 mm 100% 11 mph 96 % 1038 mb 0 mm/h
Today 6:00 pm
Wetter-Symbol
6° | 7°°C 0 mm 0% 11 mph 74 % 1040 mb 0 mm/h
Today 9:00 pm
Wetter-Symbol
4° | 5°°C 0 mm 0% 12 mph 81 % 1039 mb 0 mm/h
Tomorrow 12:00 am
Wetter-Symbol
4° | 4°°C 0 mm 0% 12 mph 79 % 1036 mb 0 mm/h
Tomorrow 3:00 am
Wetter-Symbol
4° | 4°°C 0 mm 0% 12 mph 78 % 1033 mb 0 mm/h
Tomorrow 6:00 am
Wetter-Symbol
4° | 4°°C 0 mm 0% 12 mph 72 % 1030 mb 0 mm/h
Tomorrow 9:00 am
Wetter-Symbol
5° | 5°°C 0 mm 0% 13 mph 69 % 1028 mb 0 mm/h
Tomorrow 12:00 pm
Wetter-Symbol
4° | 4°°C 0.2 mm 20% 13 mph 83 % 1025 mb 0 mm/h
Tomorrow 3:00 pm
Wetter-Symbol
4° | 4°°C 1 mm 100% 12 mph 88 % 1022 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€94,093.98
-0.24%
Ethereum(ETH)
€2,622.48
-1.42%
Fesseln(USDT)
€0.97
-0.01%
XRP(XRP)
€2.25
-6.07%
Solana(SOL)
€185.27
-4.23%
USDC(USDC)
€0.97
0.00%
Dogecoin(DOGE)
€0.241688
-4.12%
Shiba Inu(SHIB)
€0.000014
-5.74%
Pepe(PEPE)
€0.000009
-6.49%
Nach oben scrollen