PT-2024-9675 · Fortinet · Fortiwlm
Published
2024-12-18
·
Updated
2025-12-19
·
CVE-2023-34990
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Fortinet FortiWLM versions 8.5.0 through 8.5.4
Fortinet FortiWLM versions 8.6.0 through 8.6.5
Description
A relative path traversal vulnerability in Fortinet FortiWLM allows an attacker to execute unauthorized code or commands via specially crafted web requests. This vulnerability can be exploited by a threat actor to gain admin access, execute unauthorized commands, and potentially gain root access to the system. The vulnerability is considered high severity and could result in complete system compromise, data breaches, or service disruptions.
Recommendations
- Upgrade to the latest versions of FortiWLM (8.5.5 and above; 8.6.6 and above).
- Network Segmentation: Isolate FortiWLM systems from untrusted networks.
- Access Control: Implement strict access controls to limit who can reach the FortiWLM web interface.
- Web Application Firewall (WAF): Deploy a WAF to filter out malicious web requests.
- Monitoring: Enhance logging and monitoring for FortiWLM systems to detect potential exploitation attempts.
- Input Validation: Implement additional input validation if possible to prevent path traversal attempts.
Fix
Relative Path Traversal
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Fortiwlm