Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Fortinet urges immediate action: Critical RCE flaw exposes systems

Organizations using Fortinet’s systems must prioritize upgrading and patching their equipment to mitigate the risks associated with these vulnerabilities

byKerem Gülen
December 20, 2024
in News, Cybersecurity

Fortinet has addressed critical vulnerabilities in its Wireless LAN Manager (FortiWLM) that could lead to unauthenticated remote code execution (RCE) and sensitive information disclosure. The patches released address CVE-2023-34990 and CVE-2023-48782, which, when exploited together, can grant attackers unauthorized access. Experts emphasize the urgency for customers to upgrade their systems.

Fortinet patches critical vulnerabilities in Wireless LAN Manager

The identified bug, CVE-2023-34990, has a CVSS score of 9.6 and was first disclosed in March 2023. It is categorized as an “unauthenticated limited file read vulnerability.” Zach Hanley, a security researcher from Horizon3.ai, reported that the vulnerability stems from inadequate input validation on request parameters. This flaw allows attackers to traverse directories and access any log file on the system, potentially revealing sensitive information such as user session IDs. These logs are notably verbose in FortiWLM, increasing the risk when exploited.

The National Vulnerability Database (NVD) describes how this vulnerability can lead to executing unauthorized code via specially crafted web requests. The affected FortiWLM versions include 8.6.0 to 8.6.5, which have been addressed in 8.6.6 and above, and 8.5.0 to 8.5.4, fixed in version 8.5.5 or above. Given Fortinet’s prominence as a target for cyberattacks, the imperative for rapid patching cannot be overstated.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.


Critical Tomcat flaw could expose your servers to attack


In addition to CVE-2023-34990, a separate vulnerability, CVE-2023-48782, also plays a critical role in the exploit chain. This authenticated command injection flaw has a CVSS score of 8.8 and was patched in the previous year. Hanley notes that when combined with the unauthenticated vulnerability, an attacker can execute malicious commands with root privileges by injecting commands through a specific endpoint, compromising the system further.

Kaspersky has reported ongoing exploitation of another vulnerability in Fortinet’s FortiClient EMS, specifically CVE-2023-48788, which has a CVSS score of 9.3. This SQL injection vulnerability allows attackers to send specially crafted data packets, enabling them to execute unauthorized code. The cybersecurity firm documented an attack in October 2024 that targeted a Windows server hosting FortiClient EMS. The attack exploited open ports to gain control over the server, leading to the installation of remote desktop software such as AnyDesk and ScreenConnect.

Following the initial breach, attackers reportedly uploaded additional payloads for lateral movement, credential harvesting, and establishing persistence on the compromised system. Tools used in this campaign included malware for password recovery and network scanning, like Mimikatz and netscan.exe. The campaign is noted to have targeted various companies across multiple countries, revealing the global reach and sophistication of these cyber threats.

Kaspersky has observed further attempts to weaponize CVE-2023-48788, including executing PowerShell scripts from compromised servers to gather responses from other vulnerable targets. This effort points to evolving attack methodologies and ongoing risks for organizations using Fortinet products. The initial disclosures by Forescout earlier in the year reported a similar pattern of exploitation involving the same vulnerability to deliver remote access tools.

Organizations using Fortinet’s systems must prioritize upgrading and patching their equipment to mitigate the risks associated with these vulnerabilities. It is still unclear to what extent these vulnerabilities have already been exploited globally, making it essential for administrators to remain vigilant.


Featured image credit: Kerem Gülen/Midjourney

Tags: Cybersecurityfortinet

Related Posts

ChatGPT reportedly reduces reliance on Reddit as a data source

ChatGPT reportedly reduces reliance on Reddit as a data source

October 3, 2025
Perplexity makes Comet AI browser free, launches background assistant and Chess.com partnership

Perplexity makes Comet AI browser free, launches background assistant and Chess.com partnership

October 3, 2025
Light-powered chip makes AI computation 100 times more efficient

Light-powered chip makes AI computation 100 times more efficient

October 3, 2025
Free and effective anti-robocall tools are now available

Free and effective anti-robocall tools are now available

October 3, 2025
Choosing the right Web3 server: OVHcloud options for startups to enterprises

Choosing the right Web3 server: OVHcloud options for startups to enterprises

October 3, 2025
Z.AI GLM-4.6 boosts context window to 200K tokens

Z.AI GLM-4.6 boosts context window to 200K tokens

October 2, 2025

LATEST NEWS

ChatGPT reportedly reduces reliance on Reddit as a data source

Perplexity makes Comet AI browser free, launches background assistant and Chess.com partnership

Light-powered chip makes AI computation 100 times more efficient

Free and effective anti-robocall tools are now available

Choosing the right Web3 server: OVHcloud options for startups to enterprises

Z.AI GLM-4.6 boosts context window to 200K tokens

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.