FortiWLM progressfile command injection
Added: 03/18/2024

Background
Fortinet Wireless Manager (FortiWLM) allows you to manage wireless networks on FortiGates.

Problem
A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by calling the deleteprogressfile function with a specially crafted progressfile parameter.

Resolution
Upgrade to FortiWLM 8.5.5 or 8.6.6 or higher.

References
https://www.fortiguard.com/psirt/FG-IR-23-140
https://www.horizon3.ai/attack-research/attack-blogs/fortiwlm-the-almost-story-for-the-forti-forty/

Platforms
FortiWLM