Fortinet warnt vor FortiWLM-Bug, der Hackern Admin-Rechte verleiht

Teilen:

Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests.

FortiWLM is a centralized management tool for monitoring, managing, and optimizing wireless networks. It’s used by government agencies, healthcare organizations, educational institutions, and large enterprises.

The flaw, tracked as CVE-2023-34990, is a relative path traversal flaw rated with a score of 9.8.

Horizon3 researcher Zach Hanley discovered and disclosed the vulnerability to Fortinet in May 2023. However, the flaw remained unfixed ten months later, and Hanley decided to disclose information and a POC it on March 14, 2024 in a technical writeup about other Fortinet flaws he discovered.

Stealing Admin session IDs

The issue allows unauthenticated attackers to exploit improper input validation in the ‘/ems/cgi-bin/ezrf_lighttpd.cgi’ endpoint.

By using directory traversal techniques in the ‘imagename’ parameter when the ‘op_type’ is set to ‘upgradelogs,’ attackers can read sensitive log files from the system.

These logs often contain administrator session IDs, which can be used to hijack admin sessions and gain privileged access, allowing threat actors to take over devices.

“Abusing the lack of input validation, an attacker can construct a request where the imagename parameter contains a path traversal, allowing the attacker to read any log file on the system,” explained Hanley.

“Luckily for an attacker, the FortiWLM has very verbose logs – and logs the session ID of all authenticated users. Abusing the above arbitrary log file read, an attacker can now obtain the session ID of a user and login and also abuse authenticated endpoints.”

The flaw affects FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4.

Despite the researcher’s public warning, the lack of a CVE ID (at the time) and a security bulletin meant that users were unaware of the risk and needed to upgrade to a safe version.

According to the security bulletin Fortinet published yesterday, on December 18, 2024, CVE-2023-34990 was fixed in FortiWLM versions 8.6.6 and 8.5.5, released at the end of September 2023.

CVE-2023-34990 was a zero-day vulnerability for roughly four months, with FortiWLM users first learning about it 10 months after its discovery in Hanley’s writeup. However, it took Fortinet an additional 9 months to release a public security bulletin.

Given its deployment in critical environments, FortiWLM can be a valuable target for attackers, as compromising it remotely could lead to network-wide disruptions and sensitive data exposure.

Therefore, it is strongly advised that FortiWLM admins apply all available updates as they become available.

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
6:10 am, Juli 8, 2025
Wetter-Symbol 12°C
L: 11° | H: 13°
klarer Himmel
Luftfeuchtigkeit: 80 %
Druck: 1015 mb
Wind: 11 mph NW
Windböe: 0 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 10%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 4:53 am
Sonnenuntergang: 9:17 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 10:00 pm
Wetter-Symbol
11° | 13°°C 0.64 mm 64% 9 mph 80 % 1019 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
15° | 25°°C 0.13 mm 13% 7 mph 59 % 1022 mb 0 mm/h
Do. Juli 10 10:00 pm
Wetter-Symbol
18° | 30°°C 0 mm 0% 8 mph 72 % 1023 mb 0 mm/h
Fr. Juli 11 10:00 pm
Wetter-Symbol
19° | 30°°C 0 mm 0% 10 mph 66 % 1022 mb 0 mm/h
Sa. Juli 12 10:00 pm
Wetter-Symbol
18° | 29°°C 0 mm 0% 11 mph 74 % 1020 mb 0 mm/h
Today 7:00 am
Wetter-Symbol
12° | 12°°C 0.64 mm 64% 9 mph 80 % 1016 mb 0 mm/h
Today 10:00 am
Wetter-Symbol
14° | 17°°C 0 mm 0% 9 mph 71 % 1017 mb 0 mm/h
Today 1:00 pm
Wetter-Symbol
18° | 20°°C 0 mm 0% 7 mph 49 % 1017 mb 0 mm/h
Today 4:00 pm
Wetter-Symbol
24° | 24°°C 0 mm 0% 7 mph 29 % 1017 mb 0 mm/h
Today 7:00 pm
Wetter-Symbol
21° | 21°°C 0 mm 0% 7 mph 29 % 1018 mb 0 mm/h
Today 10:00 pm
Wetter-Symbol
20° | 20°°C 0 mm 0% 4 mph 41 % 1019 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
17° | 17°°C 0 mm 0% 5 mph 48 % 1020 mb 0 mm/h
Tomorrow 4:00 am
Wetter-Symbol
15° | 15°°C 0 mm 0% 4 mph 59 % 1021 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€92,021.81
-1.04%
Ethereum(ETH)
€2,166.50
-1.19%
Fesseln(USDT)
€0.85
0.00%
XRP(XRP)
€1.93
0.02%
Solana(SOL)
€126.95
-1.87%
USDC(USDC)
€0.85
0.00%
Dogecoin(DOGE)
€0.142923
-3.73%
Shiba Inu(SHIB)
€0.000010
-1.48%
Pepe(PEPE)
€0.000009
-3.44%
Nach oben scrollen