A critical path traversal vulnerability in the Fortinet Wireless Manager (FortiWLM) could allow an unauthenticated attacker to gain access to sensitive files. The impact of the vulnerability is rated 9.6 on a scale of 1 to 10. Fortinet has released security updates to fix the problem.

Through the Fortinet Wireless Manager, an ‘application suite’, organizations can monitor, operate and manage their WiFi networks. Fortinet did not provide any further details about the vulnerability (CVE-2023-34990), except to say that it is a relative path traversal vulnerability that was found and reported by a researcher at security company Horizon3.ai.

The researcher disclosed several vulnerabilities in FortiWLM that he had discovered last March. This included a vulnerability without a CVE number and update that makes it possible to steal arbitrary log files containing admin session ID tokens and thus take over the device. The vulnerability was reported to Fortinet on May 12, 2023, the researcher said.

In short:

Aspect Detail
Vulnerability Critical path traversal vulnerability in Fortinet Wireless Manager (CVE-2023-34990)
Impact Rated 9.6 out of 10
Attacker Access Unauthenticated attackers can access sensitive files
Discovery and Reporting Discovered by a researcher at Horizon3.ai, reported to Fortinet on May 12, 2023
Mitigation Fortinet has released security updates to address the vulnerability

Categorized in:

Security News,

Last Update: December 24, 2024