Critical Fortinet Flaw Exposes Networks to Unauthorized Admin Access – Patch Now

Critical Fortinet Flaw Exposes Networks to Unauthorized Admin Access - Patch Now

Critical Security Vulnerabilities Patched in Fortinet Products

Fortinet has released patches for critical security vulnerabilities affecting its Wireless LAN Manager (FortiWLM) and FortiManager products. The most severe flaw, CVE-2023-34990, received a critical CVSS score of 9.6.

Key Vulnerabilities:

1. FortiWLM (CVE-2023-34990):
– Allows unauthorized access to sensitive files through path traversal
– Affects versions 8.6.0-8.6.5 and 8.5.0-8.5.4
– Can lead to unauthorized code execution
– Enables attackers to steal session IDs and gain administrative access

2. FortiWLM (CVE-2023-48782):
– Authenticated command injection vulnerability
– CVSS score: 8.8
– When combined with CVE-2023-34990, enables root-level remote code execution

3. FortiManager (CVE-2024-48889):
– Command injection vulnerability
– CVSS score: 7.2
– Affects multiple versions across 6.4, 7.0, 7.2, 7.4, and 7.6 series
– Impacts specific hardware models when “fmg-status” is enabled

Patched Versions:
– FortiWLM: Version 8.6.6 or 8.5.5 and above
– FortiManager: Various fixed versions available for different release branches

Given the increasing targeting of Fortinet devices by threat actors, users are strongly advised to update their systems to the latest patched versions immediately.

Share This Article