Addressing the Unpatched Critical RCE Vector, Fortinet

Fortinet has released a patch addressing a severe security flaw in its Wireless LAN Manager that security researcher Zach Hanley initially identified in March. The vulnerability (CVE-2023-34990), rated with a critical CVSS score of 9.6, enables unauthorized users to access sensitive information through directory traversal and log file reading.

Addressing the Unpatched Critical RCE Vector, Fortinet

Fortinet has released a patch addressing a severe security flaw in its Wireless LAN Manager that security researcher Zach Hanley initially identified in March. The vulnerability (CVE-2023-34990), rated with a critical CVSS score of 9.6, enables unauthorized users to access sensitive information through directory traversal and log file reading.

The vulnerability's impact is particularly concerning because FortiWLM's detailed logging system records user session IDs, which attackers could exploit to gain authenticated access. According to the National Vulnerability Database, this flaw could potentially lead to unauthorized code execution through specific web requests.

The issue becomes more dangerous when combined with an earlier vulnerability (CVE-2023-48782, CVSS 8.8) that Fortinet patched last year. Together, these flaws create a path for remote code execution with root privileges. An attacker could exploit the authentication bypass to access the system, then use the authenticated command injection vulnerability to execute malicious code through the /ems/cgi-bin/ezrf_switches.cgi endpoint.

The vulnerability affects FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4. Organizations using these versions should immediately upgrade to versions 8.6.6 or 8.5.5 respectively. Given Fortinet's position as a frequent target for cyberattacks, swift patching is crucial for system security.