The original post: /r/cybersecurity by /u/blackpoint_APG on 2024-12-19 20:21:36.

On December 18, 2024, Fortinet released an advisory for a critical vulnerability, CVE-2023-34990 (CVSS: 9.6), impacting their Wireless LAN Manager, FortiWLM versions 8.5.0 through 8.5.4 and 8.6.0 through 8.6.5.

The vulnerability was disclosed in March 2024 and was patched; however, the path traversal vulnerability can also be exploited by a threat actor to execute unauthorized code via specially crafted web requests.

This vulnerability could allow a threat actor to execute unauthorized code on the affected FortiWLM systems, which could result in complete system compromise, data breaches, or service disruptions. A threat actor then could deploy malware – such as ransomware – or steal sensitive information.

At the time of writing, there is no publicly reported evidence that the vulnerability has been exploited in the wild.

Despite a lack of evidence of exploitation, it is likely that threat actors will target this vulnerability over the next 3-6 months. FortiWLM is likely an attractive target for threat actors as the impact on targeted organizations would be significant.

Blackpoint Cyber will continue to monitor and provide updates as needed.

Recommendations

• Upgrade to the latest versions of FortiWLM (8.5.5 and above; 8.6.6 and above).
• Network Segmentation: Isolate FortiWLM systems from untrusted networks.
• Access Control: Implement strict access controls to limit who can reach the FortiWLM web interface.
• Web Application Firewall (WAF): Deploy a WAF to filter out malicious web requests.
• Monitoring: Enhance logging and monitoring for FortiWLM systems to detect potential exploitation attempts.
• Input Validation: Implement additional input validation if possible to prevent path traversal attempts.

Relevant Links:

• Fortinet Advisory