
Fortinet Alert: Critical FortiWLM Flaw Risks Admin Hijacks

  • Last updated December 19, 2024

San Jose, CA – December 19, 2024 – A critical flaw in FortiWLM allows attackers to hijack admin sessions and execute malicious code. Fortinet urges users to update immediately to prevent exploitation.

Fortinet has issued an urgent security advisory regarding a critical vulnerability in its FortiWLM Wireless LAN Manager, tracked as CVE-2023-34990. This flaw, rated 9.6/10 on the CVSS scale, allows remote attackers to exploit a path traversal vulnerability to hijack administrative sessions, posing a significant threat to enterprises relying on Fortinet devices.

The vulnerability enables attackers to access sensitive log files and harvest session IDs. Alarmingly, these IDs remain static across sessions, allowing threat actors to hijack administrative privileges seamlessly. Researchers at Horizon3.ai, who identified the flaw, warn that the attack could lead to further exploitation, including lateral movement within networks.

Zach Hanley, cybersecurity researcher at Horizon3.ai, said:

Fortinet has already patched the issue in FortiWLM versions 8.6.6 and above, but older versions remain vulnerable. Compounding the risk, attackers can chain this flaw with CVE-2023-48782, an authenticated command injection vulnerability, to execute malicious code with root-level privileges.

Organizations using Fortinet devices are urged to update their systems without delay and audit their networks for unauthorized access. Failure to act swiftly could expose networks to significant operational disruptions and data breaches.
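As a starting point for that audit, the following added example (not code from Fortinet or Horizon3.ai) scans request logs for two signs of the behaviour described above: path traversal sequences in request URLs, including percent-encoded ones, and a single session ID used from more than one client address. The log layout, URLs and session values are constructed for illustration and are not FortiWLM's real log format.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines in a hypothetical "ip method url session=<id>" layout;
# this is not FortiWLM's real log format, adapt the regex to your proxy or WAF logs.
SAMPLE_LOG = """\
10.0.0.5 GET /admin/dashboard session=AAA111
10.0.0.5 GET /admin/reports?file=summary.txt session=AAA111
203.0.113.9 GET /export?file=..%2f..%2fvar%2flog%2fapp.log session=-
203.0.113.9 GET /admin/users session=AAA111
10.0.0.7 GET /admin/dashboard session=BBB222
"""

LINE_RE = re.compile(r"^(?P<ip>\S+) (?P<method>\S+) (?P<url>\S+) session=(?P<sid>\S+)$")
# ".." as a whole path segment, after "/", "\" or "=" and before a separator or end.
TRAVERSAL_RE = re.compile(r"(^|[/\\=])\.\.([/\\]|$)")


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded '../' is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def audit(log_text):
    """Return (traversal_hits, shared_sessions) for the given log text."""
    traversal_hits = []
    ips_by_session = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        if TRAVERSAL_RE.search(decode_fully(m["url"])):
            traversal_hits.append((m["ip"], m["url"]))
        if m["sid"] != "-":
            ips_by_session[m["sid"]].add(m["ip"])
    # A session ID seen from more than one client address suggests reuse of a stolen ID.
    shared = {sid: sorted(ips) for sid, ips in ips_by_session.items() if len(ips) > 1}
    return traversal_hits, shared


if __name__ == "__main__":
    hits, shared = audit(SAMPLE_LOG)
    print("traversal attempts:", hits)
    print("sessions used from multiple addresses:", shared)
```

Shared session IDs can also come from NAT or roaming clients, so treat a hit as a lead to correlate with the traversal findings rather than as proof of hijacking.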

