Skip to content
  • Home
  • Categories
  • Recent
  • Popular
  • World
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo
v3.12.1 Latest
Buy Hosting
  1. Home
  2. Uncategorized
  3. Fortinet 18 December 2024 security advisory FG-IR-23-144 (error loading post)

Fortinet 18 December 2024 security advisory FG-IR-23-144 (error loading post)

Scheduled Pinned Locked Moved Uncategorized
fortinetfortwlmvulnerabilitycveinfosec
7 Posts 4 Posters 4 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • screaminggoat@infosec.exchangeS This user is from outside of this forum
    screaminggoat@infosec.exchangeS This user is from outside of this forum
    Not Simon 🐐
    wrote last edited by
    #1

    Fortinet 18 December 2024 security advisory FG-IR-23-144 (error loading post)
    CVE-2023-34990 (9.8 critical) relative path traversal in Fortinet FortiWLM leads to code and command execution: released today, 557 days after it was reserved by Fortinet on 09 June 2023. Unable to view the advisory in order to determine exploitation. Shame on them for waiting a year to patch/announce the vulnerability.

    h/t: @cR0w

    #fortinet #fortwlm #vulnerability #CVE #infosec #cybersecurity

    screaminggoat@infosec.exchangeS 1 Reply Last reply
    0
    • screaminggoat@infosec.exchangeS This user is from outside of this forum
      screaminggoat@infosec.exchangeS This user is from outside of this forum
      Not Simon 🐐
      replied to Not Simon 🐐 last edited by
      #2

      CVE-2023-34990 is credited to @hacks_zach of Horizon3.ai. This gave me a starting point for figuring out where to look for information. It's contained in Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the β€œForti Forty” posted on 14 March 2024.

      It is described as an unpatched vulnerability: "Unauthenticated Limited Log File Read – Allows retrieval of arbitrary log files which contain administrator session ID tokens" Check out the Path to Remote Code Execution #2 section for vulnerability details:

      This vulnerability allows remote, unauthenticated attackers to access and abuse builtin functionality meant to read specific log files on the system via a crafted request to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint. This issue results from the lack of input validation on request parameters allowing an attacker to traverse directories and read any log file on the system.

      Based on the details of the blog, I can confidently say that the new CVE and the blog's vulnerability are almost certainly one and the same.

      cc: @GossiTheDog @jerry

      #CVE_2023_34990 #fortinet #fortiwlm #vulnerability #CVE #infosec #cybersecurity

      ryanc@infosec.exchangeR 1 Reply Last reply
      0
      • ryanc@infosec.exchangeR This user is from outside of this forum
        ryanc@infosec.exchangeR This user is from outside of this forum
        Ryan Castellucci :nonbinary_flag:
        replied to Not Simon 🐐 last edited by
        #3

        @screaminggoat @hacks_zach @GossiTheDog @jerry this is a level of rich content that i was not prepared for

        jerry@infosec.exchangeJ 1 Reply Last reply
        0
        • jerry@infosec.exchangeJ This user is from outside of this forum
          jerry@infosec.exchangeJ This user is from outside of this forum
          Merry Jerry, powered by AIπŸŽ„πŸŽ…πŸ•Žβ›„οΈβ„οΈ
          replied to Ryan Castellucci :nonbinary_flag: last edited by
          #4

          @ryanc @screaminggoat @hacks_zach @GossiTheDog a recent mastodon/glitch-soc update did change that

          rallias@hax.socialR 1 Reply Last reply
          0
          • rallias@hax.socialR This user is from outside of this forum
            rallias@hax.socialR This user is from outside of this forum
            rallias
            replied to Merry Jerry last edited by
            #5

            @jerry @ryanc @screaminggoat @hacks_zach @GossiTheDog hasn't glitch-soc supported markdown since at least 4.0?

            jerry@infosec.exchangeJ 1 Reply Last reply
            0
            • jerry@infosec.exchangeJ This user is from outside of this forum
              jerry@infosec.exchangeJ This user is from outside of this forum
              Merry Jerry, powered by AIπŸŽ„πŸŽ…πŸ•Žβ›„οΈβ„οΈ
              replied to rallias last edited by
              #6

              @rallias @ryanc @screaminggoat @hacks_zach @GossiTheDog yeah, but the way it’s displayed has been updated

              ryanc@infosec.exchangeR 1 Reply Last reply
              0
              • ryanc@infosec.exchangeR This user is from outside of this forum
                ryanc@infosec.exchangeR This user is from outside of this forum
                Ryan Castellucci :nonbinary_flag:
                replied to Merry Jerry last edited by
                #7

                @jerry @rallias @screaminggoat @hacks_zach @GossiTheDog it's all fancy pants now

                1 Reply Last reply
                0

                Copyright Β© 2024 NodeBB | Contributors
                • Login
                • Don't have an account? Register
                • Login or register to search.
                Powered by NodeBB Contributors
                • First post
                  Last post
                0
                • Home
                • Categories
                • Recent
                • Popular
                • World
                • Top
                • Tags
                • Users
                • Groups
                • Documentation
                  • Home
                  • Read API
                  • Write API
                  • Plugin Development