Updates have been issued by Fortinet to fix a critical relative path traversal flaw in its FortiWLM wireless device management app suite, tracked as CVE-2023-34990, which could be leveraged to facilitate code execution and unauthorized file access, according to SecurityWeek.
Affected by the vulnerability, which was reported by Horizon3.ai security researcher Zach Hanley, were FortiWLM versions 8.6.0 through 8.6.5 and versions 8.5.0 through 8.5.4, an advisory from the National Institute of Standards and Technology revealed. Hanley previously reported the potential exploitation of a pair of Fortinet FortiWLM flaws, including a directory traversal issue, to allow total device compromise but whether CVE-2023-34990 was the said bug remains unclear. Fortinet has also patched a high-severity OS command injection vulnerability in FortiManager and certain outdated FortiAnalyzer instances, tracked as CVE-2024-48889, which could be exploited to enable arbitrary code execution. Neither of the flaws were disclosed to have been used in cyberattacks.
