Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:A50AF7D716DE5A0850F5CA88B38E7089
HistoryMar 18, 2024 - 12:00 a.m.

FortiWLM progressfile command injection

2024-03-1800:00:00
SAINT Corporation
download.saintcorporation.com
59
fortiwlm
command injection
vulnerability
unauthenticated
upgrade

8.7 High

AI Score

Confidence

Low

JSON

Added: 03/18/2024

Background

Fortinet Wireless Manager (FortiWLM) allows you to manage wireless networks on FortiGates.

Problem

A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by calling the deleteprogressfile function with a specially crafted progressfile parameter.

Resolution

Upgrade to FortiWLM 8.5.5 or 8.6.6 or higher.

References

<https://www.fortiguard.com/psirt/FG-IR-23-140&gt;
<https://www.horizon3.ai/attack-research/attack-blogs/fortiwlm-the-almost-story-for-the-forti-forty/&gt;

Platforms

FortiWLM

8.7 High

AI Score

Confidence

Low

JSON