Fortinet flags some worrying security bugs coming back from the dead
Share:
A critical severity flaw thought to have been fixed more than a year ago, was just now flagged. When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Fifteen months after first patching, Fortinet has released a security bulletin to flag a critical severity flaw plaguing its Fortinet Wireless Manager (FortiWLM) product.
![[Data leak]](https://vanilla.futurecdn.net/cyclingnews/media/img/missing-image.svg)
The flaw can be used to take over the devices remotely, so if you’re using an older version, make sure to update it immediately. FortiWLM is a centralized platform for managing, monitoring, and optimizing Fortinet wireless access points and controllers, enabling secure and scalable wireless network deployments. It is usually used by large enterprises and government agencies.
In May 2023, security researcher from Horizon3, Zach Hanley, discovered a relative path traversal flaw affecting the product. It is tracked as CVE-2023-34990, and was given a severity score of 9.8/10 (critical). The bug stems from improper input validation, which allows attackers to read sensitive log files from the system. Since these log files often contain administrator session IDs they can be abused to grant the attackers remote access to the vulnerable endpoint.
"Abusing the lack of input validation, an attacker can construct a request where the imagename parameter contains a path traversal, allowing the attacker to read any log file on the system," Hanley said at the time. "Luckily for an attacker, the FortiWLM has very verbose logs – and logs the session ID of all authenticated users. Abusing the above arbitrary log file read, an attacker can now obtain the session ID of a user and login and also abuse authenticated endpoints.".
