FlagThis

CyberSecurity updates
2024-12-26 22:12:55 Pacfic
Ameer Owda @ SOCRadar
FortiWLM Path Traversal and Next.js Auth Bypass - 7d
Read more: socradar.io

Fortinet has issued warnings regarding critical vulnerabilities in its FortiWLM Wireless LAN Manager product. The most severe, tracked as CVE-2023-34990, is a path traversal flaw which allows remote, unauthenticated attackers to read sensitive files. This flaw stems from inadequate input validation on request parameters, enabling attackers to traverse directories and access log files which contain sensitive session ID tokens. By exploiting this vulnerability, malicious actors can gain unauthorized access to the system and potentially hijack user sessions for administrative control.



Additionally, a separate security flaw (CVE-2024-51479) has been found in Next.js, a popular React framework. This vulnerability represents an authorization bypass, which can compromise sensitive data and systems. It is important that users of both FortiWLM and Next.js implement patches as soon as possible, to mitigate the risk of code execution and unauthorized data access. Fortinet has also released updates for other products including FortiManager and FortiClient VPN addressing further security concerns.

Original img attribution: https://socradar.io/wp-content/uploads/2024/12/critical-path-traversal-in-fortiwlm-cve-2023-34990-permits-code-execution-next-js-auth-bypass-cve-2024-51479.jpg.webp
ImgSrc: socradar.io
References:
  • SOCRadar - Critical Path Traversal in FortiWLM (CVE-2023-34990) Permits Code Execution; Next.js Auth Bypass (CVE-2024-51479) - 7d
  • Security Archives - Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM - 7d
  • The Hacker News - Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits - 7d
  • Security Risk Advisors - Critical #vulnerability in Fortinet #FortiWLM The post appeared first on . - 7d
  • Vulnerability Archives - CVE-2023-34990 (CVSS 9.8): Critical Security Flaw Found in Fortinet FortiWLM - 7d
  • techacademy.online - Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits - 6d
  • Over Security - Fortinet warns of critical FortiWLM bug giving hackers admin privileges - 6d
  • @circl - A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests. - 6d
  • @circl - CIRCL.lu post about Fortinet FortiWLM path traversal vulnerability. - 5d
  • www.circl.lu - CIRCL technical report on the vulnerability. - 5d

Classification:

This site is an experimental news aggregator using feeds I personally follow. You can provide me feedback using this form or using Bluesky.