SAINT Corporation
SAINT:E63FCD28C0EFF076E761527AF9EBDA7A
Mar 18, 2024 - 12:00 a.m.

FortiWLM progressfile command injection

my.saintcorporation.com

AI Score: 8.7 High (Confidence: Low)

Added: 03/18/2024

Background

Fortinet Wireless Manager (FortiWLM) allows you to manage wireless networks on FortiGates.

Problem

A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by calling the deleteprogressfile function with a specially crafted progressfile parameter.

Resolution

Upgrade to FortiWLM 8.5.5 or 8.6.6 or higher.

References

<https://www.fortiguard.com/psirt/FG-IR-23-140>
<https://www.horizon3.ai/attack-research/attack-blogs/fortiwlm-the-almost-story-for-the-forti-forty/>

Platforms

FortiWLM
