FortiWLM progressfile command injection

Added: 03/18/2024

Background

Fortinet Wireless Manager (FortiWLM) allows you to manage wireless networks on FortiGates.

Problem

A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by calling the deleteprogressfile function with a specially crafted progressfile parameter.

Resolution

Upgrade to FortiWLM 8.5.5 or 8.6.6 or higher.

References

https://www.fortiguard.com/psirt/FG-IR-23-140
https://www.horizon3.ai/attack-research/attack-blogs/fortiwlm-the-almost-story-for-the-forti-forty/

Platforms

FortiWLM

Back to exploit index