- A flaw in Fortinet's FortiWLM that was fixed in September 2023 has only now been flagged in a security advisory
- The vulnerability, first discovered in May 2023, could allow crooks to take over vulnerable endpoints
- Users are advised to apply the patch immediately
Fifteen months after it was first patched, Fortinet has released a security advisory flagging a serious flaw plaguing its Fortinet Wireless Manager (FortiWLM) product.
This flaw can be used to remotely take over the device, so if you are using an older version, make sure to update now.
FortiWLM is a centralized platform for managing, monitoring and optimizing Fortinet wireless access points and controllers in secure, scalable wireless network deployments. It is typically used by large businesses and government agencies.
Repaired in September
In May 2023, Horizon3 security researcher Zach Hanley discovered a relative path traversal flaw affecting the product. It is tracked as CVE-2023-34990 and carries a critical severity score (9.6/10 on Fortinet's advisory). The flaw stems from insufficient input validation, which lets a remote attacker read sensitive log files from the system. Because these log files record administrator session IDs, an attacker can reuse those IDs to gain authenticated remote access to vulnerable devices.
“Exploiting the lack of input validation, an attacker can craft a request where the imagename parameter contains a path traversal, allowing the attacker to read any log archive on the system,” Hanley said at the time.
“Fortunately for the attacker, FortiWLM has very detailed logs and records the session ID of all authenticated users. Abusing any of the above log file reads, the attacker can now obtain the session ID of a user, log in and abuse authenticated endpoints.”
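The bug class Hanley describes, a file-download parameter joined to a directory without validation, is easy to reproduce and easy to check for. The following is an added example, not code from Fortinet, Horizon3 or the original article: it models the vulnerable join beside a hardened resolver, and scans access-log lines for traversal attempts in the `imagename` parameter. Only the parameter name comes from the article; the CGI path, the log directory and the log lines are constructed for the example.

```python
"""Added example (not Fortinet's or Horizon3's code).

Models the path-traversal bug class described above and a detector for
it. The parameter name `imagename` is the one named in the article; the
endpoint path, log directory and access-log lines are constructed."""
import os
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit


def vulnerable_log_path(root: str, imagename: str) -> str:
    """The bug class: user input is joined to the log directory with no
    validation, so "../" segments walk out of it (normpath shows where
    the request actually lands)."""
    return os.path.normpath(os.path.join(root, imagename))


def safe_log_path(root: str, imagename: str) -> Optional[str]:
    """Hardened form: decode twice (so %252e%252e is caught), allow only
    a plain filename, then confirm the resolved path is still under root.
    Returns None for anything that should be rejected."""
    name = unquote(unquote(imagename))
    # Allowlist: no slashes, no leading dot, nothing but name characters.
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9._-]*", name):
        return None
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, name))
    # Belt and braces: even a name that passed the regex must stay in root.
    if os.path.commonpath([real_root, candidate]) != real_root:
        return None
    return candidate


# Constructed access-log sample (combined log format); the CGI path is a
# placeholder, not the real FortiWLM endpoint.
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - - [14/Dec/2024:10:01:02 +0000] "GET /cgi-bin/example.cgi?imagename=upgrade.tar HTTP/1.1" 200 512
198.51.100.7 - - [14/Dec/2024:10:01:09 +0000] "GET /cgi-bin/example.cgi?imagename=../../../var/log/app/session.log HTTP/1.1" 200 80311
198.51.100.7 - - [14/Dec/2024:10:01:15 +0000] "GET /cgi-bin/example.cgi?imagename=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1430
203.0.113.9 - - [14/Dec/2024:10:02:30 +0000] "GET /cgi-bin/example.cgi?imagename=..%252f..%252fhidden.log HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP')


def find_traversal_attempts(access_log: str,
                            param: str = "imagename") -> List[Tuple[str, str]]:
    """Return (client_ip, decoded_value) for every request whose `param`
    contains a traversal sequence after URL decoding. parse_qs decodes
    once; the extra unquote catches double-encoded payloads."""
    hits = []
    for line in access_log.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        client_ip = line.split(" ", 1)[0]
        query = urlsplit(m.group(1)).query
        for value in parse_qs(query).get(param, []):
            decoded = unquote(value)
            if ".." in decoded or decoded.startswith("/"):
                hits.append((client_ip, decoded))
    return hits


if __name__ == "__main__":
    root = "/var/log/app"
    print("vulnerable:", vulnerable_log_path(root, "../../../etc/passwd"))
    print("hardened:  ", safe_log_path(root, "../../../etc/passwd"))
    print("hardened:  ", safe_log_path(root, "system.log"))
    for ip, value in find_traversal_attempts(SAMPLE_ACCESS_LOG):
        print(f"traversal attempt from {ip}: {value}")
```

The detector flags the attempt regardless of response status, since a 404 on a traversal probe is still reconnaissance worth alerting on; pair it with a search for reuse of the session IDs those logs contain if a successful read is confirmed.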
The flaw affects FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4; it is fixed in 8.6.6 and 8.5.5 respectively.
However, although the vulnerability was reported to Fortinet, the company did not publicly address it, prompting Hanley to publish his findings together with a proof-of-concept (PoC) in March 2024. Fortinet has now issued a security advisory stating that the bug was fixed in September 2023.
This means the vulnerability was effectively a zero-day for roughly four months, from its discovery in May 2023 to the September 2023 fix, and then stayed off users' radar for a further 15 months with no advisory to prompt them to upgrade.
Via BleepingComputer