Threat Insight
Relative Path Traversal Vulnerability Found in FortiWLM
Fortinet has recently published an advisory about a relative path traversal vulnerability found in Fortinet FortiWLM. This vulnerability was discovered and reported to Fortinet by a security researcher.
An attacker can exploit this vulnerability via specially crafted web requests leading to remote code execution (RCE).
If successfully exploited, an unauthenticated attacker could execute malicious commands on affected devices from a remote location.
CVE
CVE-2023-34990
Affected Products
FortiWLM 8.6: versions 8.6.0 through 8.6.5
FortiWLM 8.5: versions 8.5.0 through 8.5.4
Recommended Actions
Apply the latest security updates to FortiWLM. If you’re using version 8.6, upgrade to 8.6.6 or above. If you’re using version 8.5, upgrade to 8.5.5 or above.