FlagThis

Additionally, a separate security flaw (CVE-2024-51479) has been found in Next.js, a popular React framework. This vulnerability represents an authorization bypass, which can compromise sensitive data and systems. It is important that users of both FortiWLM and Next.js implement patches as soon as possible, to mitigate the risk of code execution and unauthorized data access. Fortinet has also released updates for other products including FortiManager and FortiClient VPN addressing further security concerns.

Share:

• socradar.io: Critical Path Traversal in FortiWLM (CVE-2023-34990) Permits Code Execution; Next.js Auth Bypass (CVE-2024-51479)
• securityaffairs.com: Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM
• The Hacker News: Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
• Security Risk Advisors: Critical #vulnerability in Fortinet #FortiWLM The post appeared first on .
• securityonline.info: CVE-2023-34990 (CVSS 9.8): Critical Security Flaw Found in Fortinet FortiWLM
• techacademy.online: Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
• www.bleepingcomputer.com: Fortinet warns of critical FortiWLM bug giving hackers admin privileges
• circl: A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.
• circl: CIRCL.lu post about Fortinet FortiWLM path traversal vulnerability.
• www.circl.lu: CIRCL technical report on the vulnerability.

Classification:

• HashTags: #Fortinet #PathTraversal #CyberSecurity
• Company: Fortinet
• Target: FortiWLM and Next.js Users
• Product: FortiWLM
• Feature: Path Traversal
• Type: Vulnerability
• Severity: Major