TR-90 - Vulnerability identified as CVE-2023-34990, affecting Fortinet FortiWLM


A relative path traversal vulnerability has been discovered in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4. This vulnerability allows an attacker to execute unauthorized code or commands by sending specially crafted web requests.

Affected Products

  • Vendor: Fortinet
  • Product: FortiWLM
  • Versions:
    • 8.6.0 through 8.6.5 (inclusive)
    • 8.5.0 through 8.5.4 (inclusive)

Vulnerability Class

  • CWE-23: Relative Path Traversal
  • CWE-94: Improper Control of Generation of Code (‘Code Injection’)
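The weakness class listed above, CWE-23, is the pattern in which a client-supplied relative path is joined onto a server-side base directory without a containment check, so `..` segments walk out of the intended tree. The following Python is an added illustration written for this advisory; it is not FortiWLM code and says nothing about how the product handles paths. The base directory, the request paths and the `handle_request` entry point are all constructed for the example. It places the weak join beside the hardened form so the difference in behaviour on the same inputs is visible.

```python
import posixpath
from typing import Dict, Optional
from urllib.parse import unquote

# Constructed base directory for the illustration (not a FortiWLM path).
BASE_DIR = "/var/www/app/files"


def unsafe_resolve(base_dir: str, user_path: str) -> str:
    """The weak pattern (CWE-23): join the client path and use the result.

    posixpath.join/normpath happily collapse '..' segments, so a relative
    path such as '../../../../etc/passwd' resolves outside base_dir.
    """
    return posixpath.normpath(posixpath.join(base_dir, user_path))


def safe_resolve(base_dir: str, user_path: str) -> Optional[str]:
    """The hardened form: normalise first, then require containment.

    Returns the resolved path, or None when the request is absolute,
    carries a NUL byte, or would land outside base_dir after
    normalisation. The containment test compares on a path-component
    boundary so that '/var/www/app/files2' is not mistaken for a child.
    """
    if "\x00" in user_path or posixpath.isabs(user_path):
        return None
    base = posixpath.normpath(base_dir)
    target = posixpath.normpath(posixpath.join(base, user_path))
    if target != base and not target.startswith(base + "/"):
        return None
    # In a real service also resolve symlinks (os.path.realpath) before
    # this comparison; posixpath is used here so the example is
    # deterministic on any platform without touching the filesystem.
    return target


def handle_request(raw_path: str) -> Optional[str]:
    """Hypothetical handler: decode percent-encoding once, then resolve.

    Decoding before the check matters: a containment test run on the
    still-encoded string would pass '..%2F' style paths straight through.
    """
    return safe_resolve(BASE_DIR, unquote(raw_path))


def audit_paths(paths) -> Dict[str, Optional[str]]:
    """Map each constructed request path to its safe resolution (or None)."""
    return {p: handle_request(p) for p in paths}


if __name__ == "__main__":
    # Constructed sample requests: one benign, the rest traversal attempts.
    samples = [
        "reports/2024.pdf",
        "../../../../etc/passwd",
        "reports%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd",
        "/etc/passwd",
    ]
    for path, resolved in audit_paths(samples).items():
        print(f"{path!r:50} weak={unsafe_resolve(BASE_DIR, unquote(path))!r:30} hardened={resolved!r}")
```

Note that the hardened check rejects on the normalised result rather than by searching the input for `..`: a denylist on the raw string misses encodings and alternative separators, while a containment test on the resolved path does not care how the escape was spelled.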

Impact

Successful exploitation of this vulnerability could lead to the execution of arbitrary code or commands on the affected system.

Technical Analysis

Attack Vector

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged

CVSS Metrics

CNA CVSS Score

  • CVSS v3.1 Base Score: 9.6
  • CVSS v3.1 Base Severity: CRITICAL
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality Impact (C): High (H)
  • Integrity Impact (I): High (H)
  • Availability Impact (A): High (H)

CISA ADP CVSS Score

  • CVSS v3.1 Base Score: 9.8
  • CVSS v3.1 Base Severity: CRITICAL
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality Impact (C): High (H)
  • Integrity Impact (I): High (H)
  • Availability Impact (A): High (H)

CISA ADP SSVC

  • SSVC Version: 2.0.3
  • SSVC ID: CVE-2023-34990
  • Timestamp: 2024-12-19T00:00:00+00:00
  • Options:
    • Exploitation: None
    • Automatable: Yes
    • Technical Impact: Total
    • Role: CISA Coordinator

Mitigation

  • Upgrade to FortiWLM version 8.6.6 or later.
  • Upgrade to FortiWLM version 8.5.5 or later.
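Applying the mitigation across a fleet starts with deciding, per device, whether its version falls inside one of the two affected ranges and which fixed release applies to its branch. The Python below is an added example, not a Fortinet or CIRCL tool; the ranges and fixed versions are the ones stated in this advisory, while the inventory rows and the function names are constructed for the illustration. It compares versions as integer tuples rather than strings, which is the step that is easy to get wrong in ad-hoc scripts.

```python
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, last affected, first fixed) per branch, from the advisory.
AFFECTED_RANGES: Tuple[Tuple[Version, Version, Version], ...] = (
    ((8, 6, 0), (8, 6, 5), (8, 6, 6)),
    ((8, 5, 0), (8, 5, 4), (8, 5, 5)),
)


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into an int tuple; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def format_version(v: Version) -> str:
    return ".".join(str(n) for n in v)


def assess(version_text: str) -> Dict[str, Optional[object]]:
    """Report whether a version is in an affected range and the fixed release.

    'affected' is False for versions outside every listed range. That means
    the advisory does not list them, not that they are known to be safe;
    releases older than 8.5.0 are simply not covered by this advisory.
    """
    v = parse_version(version_text)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= v <= high:
            return {"version": version_text, "affected": True,
                    "upgrade_to": format_version(fixed)}
    return {"version": version_text, "affected": False, "upgrade_to": None}


def triage_inventory(inventory: List[Tuple[str, str]]) -> List[Dict[str, Optional[object]]]:
    """Return one assessment per (hostname, version) row, affected rows first."""
    results = []
    for host, version in inventory:
        entry = assess(version)
        entry["host"] = host
        results.append(entry)
    return sorted(results, key=lambda e: (not e["affected"], str(e["host"])))


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are illustrative only.
    inventory = [
        ("wlm-dc1", "8.6.3"),
        ("wlm-dc2", "8.5.4"),
        ("wlm-lab", "8.6.6"),
        ("wlm-old", "8.4.9"),
        ("wlm-new", "8.6.10"),
    ]
    for row in triage_inventory(inventory):
        state = f"upgrade to {row['upgrade_to']}" if row["affected"] else "not in affected ranges"
        print(f"{row['host']:10} {row['version']:8} {state}")
```

The `8.6.10` row is the reason for tuple comparison: as strings, `"8.6.10" < "8.6.5"` is true, so a naive comparison would wrongly flag a version newer than the fix as affected.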

References

Classification of this document

TLP:CLEAR information may be distributed without restriction, subject to copyright controls.

Revision

  • Version 1.0 - TLP:CLEAR - First version - 20th December 2024