Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

Fortinet warns of a patched FortiWLM vulnerability that could allow admin access and sensitive information disclosure. Fortinet warned of a now-patched Wireless LAN Manager (FortiWLM) vulnerability, tracked as CVE-2023-34990 (CVSS score of 9.6), that could lead to admin access and sensitive information disclosure. “A relative path traversal [CWE-23] in FortiWLM may allow a remote, unauthenticated […]

fortinet FortiBleed

Fortinet warns of a patched FortiWLM vulnerability that could allow admin access and sensitive information disclosure.

Fortinet warned of a now-patched Wireless LAN Manager (FortiWLM) vulnerability, tracked as CVE-2023-34990 (CVSS score of 9.6), that could lead to admin access and sensitive information disclosure.

“A relative path traversal [CWE-23] in FortiWLM may allow a remote, unauthenticated attacker to read sensitive files.” reads the advisory published by the vendor.

Horizon3.ai security researcher Zach Hanley (@hacks_zach) reported this vulnerability to Fortinet.

The vulnerability impacts the following products:

  • FortiWLM versions 8.6.0 through 8.6.5 (Fixed in 8.6.6 or above)
  • FortiWLM versions 8.5.0 through 8.5.4 (Fixed in 8.5.5 or above)

Hanley explained that the vulnerability CVE-2023-34990 enables remote attackers to exploit log-reading functions via crafted requests to a specific endpoint.

“This vulnerability allows remote, unauthenticated attackers to access and abuse builtin functionality meant to read specific log files on the system via a crafted request to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint. This issue results from the lack of input validation on request parameters allowing an attacker to traverse directories and read any log file on the system.” reads the report published by Horizon3.ai. “Abusing the lack of input validation, an attacker can construct a request where the imagename parameter contains a path traversal, allowing the attacker to read any log file on the system.”

The experts added that FortiWLM’s verbose logs expose session IDs, enabling attackers to exploit log file read vulnerabilities to hijack sessions and access authenticated endpoints.

Authenticated users’ session ID tokens in FortiWLM remain static per device boot. Attackers can exploit this via the log file read vulnerability to hijack sessions and gain admin access.

The researcher also noticed that the vulnerability CVE-2023-34990 can be chained with CVE-2023-48782 (CVSS score of 8.8) leading to remote arbitrary code execution in the context of root.

Threat actors frequently target Fortinet devices, making it crucial for customers to update their installations promptly.

“While we found it to be popular with State, Local, and Education (SLED) and healthcare focused customers, luckily the internet exposure is fairly limited to around 15 instances.” concludes the report.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, FortiWLM)