Fortinet warnt vor FortiWLM-Bug, der Hackern Admin-Rechte verleiht

Teilen:

Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests.

FortiWLM is a centralized management tool for monitoring, managing, and optimizing wireless networks. It’s used by government agencies, healthcare organizations, educational institutions, and large enterprises.

The flaw, tracked as CVE-2023-34990, is a relative path traversal flaw rated with a score of 9.8.

Horizon3 researcher Zach Hanley discovered and disclosed the vulnerability to Fortinet in May 2023. However, the flaw remained unfixed ten months later, and Hanley decided to disclose information and a POC it on March 14, 2024 in a technical writeup about other Fortinet flaws he discovered.

Stealing Admin session IDs

The issue allows unauthenticated attackers to exploit improper input validation in the ‘/ems/cgi-bin/ezrf_lighttpd.cgi’ endpoint.

By using directory traversal techniques in the ‘imagename’ parameter when the ‘op_type’ is set to ‘upgradelogs,’ attackers can read sensitive log files from the system.

These logs often contain administrator session IDs, which can be used to hijack admin sessions and gain privileged access, allowing threat actors to take over devices.

“Abusing the lack of input validation, an attacker can construct a request where the imagename parameter contains a path traversal, allowing the attacker to read any log file on the system,” explained Hanley.

“Luckily for an attacker, the FortiWLM has very verbose logs – and logs the session ID of all authenticated users. Abusing the above arbitrary log file read, an attacker can now obtain the session ID of a user and login and also abuse authenticated endpoints.”

The flaw affects FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4.

Despite the researcher’s public warning, the lack of a CVE ID (at the time) and a security bulletin meant that users were unaware of the risk and needed to upgrade to a safe version.

According to the security bulletin Fortinet published yesterday, on December 18, 2024, CVE-2023-34990 was fixed in FortiWLM versions 8.6.6 and 8.5.5, released at the end of September 2023.

CVE-2023-34990 was a zero-day vulnerability for roughly four months, with FortiWLM users first learning about it 10 months after its discovery in Hanley’s writeup. However, it took Fortinet an additional 9 months to release a public security bulletin.

Given its deployment in critical environments, FortiWLM can be a valuable target for attackers, as compromising it remotely could lead to network-wide disruptions and sensitive data exposure.

Therefore, it is strongly advised that FortiWLM admins apply all available updates as they become available.

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
10:18 pm, Juli 6, 2025
Wetter-Symbol 17°C
L: 16° | H: 18°
broken clouds
Luftfeuchtigkeit: 70 %
Druck: 1007 mb
Wind: 4 mph WSW
Windböe: 7 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 60%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 4:51 am
Sonnenuntergang: 9:18 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Tomorrow 10:00 pm
Wetter-Symbol
16° | 18°°C 0.99 mm 99% 13 mph 92 % 1015 mb 0 mm/h
Di. Juli 08 10:00 pm
Wetter-Symbol
13° | 24°°C 0.2 mm 20% 11 mph 76 % 1020 mb 0 mm/h
Mi. Juli 09 10:00 pm
Wetter-Symbol
15° | 26°°C 0 mm 0% 6 mph 66 % 1023 mb 0 mm/h
Do. Juli 10 10:00 pm
Wetter-Symbol
19° | 31°°C 0 mm 0% 8 mph 63 % 1024 mb 0 mm/h
Fr. Juli 11 10:00 pm
Wetter-Symbol
20° | 30°°C 0 mm 0% 12 mph 54 % 1023 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
17° | 17°°C 0 mm 0% 9 mph 71 % 1007 mb 0 mm/h
Tomorrow 4:00 am
Wetter-Symbol
16° | 16°°C 0.31 mm 31% 8 mph 79 % 1007 mb 0 mm/h
Tomorrow 7:00 am
Wetter-Symbol
14° | 14°°C 0.99 mm 99% 10 mph 92 % 1009 mb 0 mm/h
Tomorrow 10:00 am
Wetter-Symbol
17° | 17°°C 0.33 mm 33% 12 mph 53 % 1011 mb 0 mm/h
Tomorrow 1:00 pm
Wetter-Symbol
22° | 22°°C 0 mm 0% 13 mph 37 % 1012 mb 0 mm/h
Tomorrow 4:00 pm
Wetter-Symbol
20° | 20°°C 0 mm 0% 10 mph 41 % 1013 mb 0 mm/h
Tomorrow 7:00 pm
Wetter-Symbol
20° | 20°°C 0 mm 0% 7 mph 45 % 1014 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
17° | 17°°C 0 mm 0% 11 mph 49 % 1015 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€92,351.65
0.61%
Ethereum(ETH)
€2,163.72
1.59%
Fesseln(USDT)
€0.85
0.00%
XRP(XRP)
€1.93
2.88%
Solana(SOL)
€128.83
3.21%
USDC(USDC)
€0.85
0.00%
Dogecoin(DOGE)
€0.144865
3.94%
Shiba Inu(SHIB)
€0.000010
3.22%
Pepe(PEPE)
€0.000008
4.05%
Nach oben scrollen