CVE-2023-34990 is credited to @hacks_zach of Horizon3.ai. This gave me a starting point for figuring out where to look for information. It's contained in Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty” posted on 14 March 2024.
It is described as an unpatched vulnerability: "Unauthenticated Limited Log File Read – Allows retrieval of arbitrary log files which contain administrator session ID tokens". Check out the Path to Remote Code Execution #2 section for vulnerability details:
This vulnerability allows remote, unauthenticated attackers to access and abuse builtin functionality meant to read specific log files on the system via a crafted request to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint. This issue results from the lack of input validation on request parameters allowing an attacker to traverse directories and read any log file on the system.
Based on the details of the blog, I can confidently say that the new CVE and the blog's vulnerability are almost certainly one and the same.
cc: @GossiTheDog @jerry
#CVE_2023_34990 #fortinet #fortiwlm #vulnerability #CVE #infosec #cybersecurity
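A defender-side check for the behaviour quoted above, added here as an example and not part of the original post or the Horizon3.ai write-up: it scans web access log lines for requests to the named endpoint whose parameters contain directory traversal, including percent-encoded and double-encoded forms. The log format, the parameter name `name` and all sample lines are constructed, and it assumes the parameters are visible in the logged request line.

```python
import re
from urllib.parse import urlsplit, unquote

# Endpoint named in the quoted vulnerability description.
ENDPOINT = "/ems/cgi-bin/ezrf_lighttpd.cgi"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(log_line):
    """True if the line is a request to ENDPOINT carrying a traversal sequence."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    parts = urlsplit(m.group("target"))
    if fully_decode(parts.path) != ENDPOINT:
        return False
    return bool(TRAVERSAL_RE.search(fully_decode(parts.query)))

def scan(lines):
    """Return the subset of log lines worth reviewing."""
    return [ln for ln in lines if is_suspicious(ln)]

# Constructed sample lines; "name" is a hypothetical parameter, not from the page.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] '
    '"GET /ems/cgi-bin/ezrf_lighttpd.cgi?name=system.log HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Jan/2025:10:01:00 +0000] '
    '"GET /ems/cgi-bin/ezrf_lighttpd.cgi?name=../../other/placeholder.log HTTP/1.1" 200 9001',
    '192.0.2.77 - - [01/Jan/2025:10:02:00 +0000] '
    '"GET /ems/cgi-bin/ezrf_lighttpd.cgi?name=%252e%252e%252fplaceholder.log HTTP/1.1" 200 9001',
    '192.0.2.10 - - [01/Jan/2025:10:03:00 +0000] '
    '"GET /index.html?next=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("REVIEW:", hit)
```

Because the description says the retrieved logs contain administrator session ID tokens, a hit is a reason to review administrator sessions that were active around the same time.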