CVE-2023-34990
published 2024-12-18CVE-2023-34990: A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via…
PriorityP178critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
24.90%
97.6th percentile
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortiwlm | — | — |
| fortinet | fortiwlm | >= 8.5.0 < 8.5.5 | 8.5.5 |
| fortinet | fortiwlm | 8.5.0 – 8.5.4 | — |
| fortinet | fortiwlm | >= 8.6.0 < 8.6.6 | 8.6.6 |
| fortinet | fortiwlm | 8.6.0 – 8.6.5 | — |
Detection & IOCsextracted from sources · hover to see the quote
url/ems/cgi-bin/ezrf_lighttpd.cgi?op_type=upgradelogs&imagename=../../../../../../../../../data/apps/nms/logs/httpd_error_log↗
- →Look for path traversal sequences in the 'imagename' parameter of requests to /ems/cgi-bin/ezrf_lighttpd.cgi with op_type=upgradelogs ↗
- →Monitor FortiWLM log files for session ID leakage — logs record session IDs of all authenticated users in plaintext, which attackers harvest post-traversal ↗
- →Use Shodan query 'title:"FortiWLM Login"' to identify exposed FortiWLM instances for asset discovery and attack surface monitoring ↗
- →Check Point IPS signature 'Web Servers Malicious URL Directory Traversal' provides detection coverage for this CVE ↗
- →Exploit is unauthenticated and requires no prior access — alert on any unauthenticated GET requests to ezrf_lighttpd.cgi containing '../' sequences ↗
- ·Affected versions are FortiWLM 8.6.0–8.6.5 and 8.5.0–8.5.4; fixed in 8.6.6 and 8.5.5. Ensure version checks target this exact range. ↗
- ·The Nuclei template uses a two-step flow: first confirming the FortiWLM login page is present, then executing the traversal — single-step detections may produce false positives on non-FortiWLM hosts ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Fortinet
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to ex...
vendor_fortinet·2024-12-18·CVSS 9.8
CVE-2023-34990 [CRITICAL] CWE-23 A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to ex...
FG-IR-23-144: A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to ex...
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.
CVEs: CVE-2023-34990
CWEs: CWE-23, CWE-94
CVSS: 9.8 (critical)
Affected products: FortiWLM, FortiWlm, Fortinet
GHSA
GHSA-2pp3-2hr3-936m: A relative path traversal in Fortinet FortiWLM version 8
ghsa_unreviewed·2024-12-18
CVE-2023-34990 [CRITICAL] CWE-23 GHSA-2pp3-2hr3-936m: A relative path traversal in Fortinet FortiWLM version 8
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.
No detection rules found.
Nuclei
FortiWLM - Directory Traversal
nuclei·CVSS 9.8
CVE-2023-34990 [CRITICAL] FortiWLM - Directory Traversal
FortiWLM - Directory Traversal
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.
Template:
id: CVE-2023-34990
info:
name: FortiWLM - Directory Traversal
author: DhiyaneshDk
severity: critical
description: |
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.
impact: |
Unauthenticated attackers can exploit path traversal through the imagename parameter in ezrf_lighttpd.cgi to read arbitrary files and potentially execute unauthorized code, compromising the entire Fortinet FortiWLM wireless LAN management system
Checkpoint
23rd December – Threat Intelligence Report
blogs_checkpoint·2024-12-23
CVE-2024-12692 23rd December – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 23rd December – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 23rd December, please download our Threat Intelligence Bulletin .
TOP ATTACKS AND BREACHES
The State of Rhode Island has issued a notification that RIBridges, the state’s portal for social services, has suffered a cyber attack and data leak. According to the reports, the breach was likely caused by a ransomware attack, including compromise of personal information of hundreds of thousands of the state’s reside
Bleepingcomputer
Fortinet warns of FortiWLM bug giving hackers admin privileges
blogs_bleepingcomputer·2024-12-19·CVSS 9.8
[CRITICAL] Fortinet warns of FortiWLM bug giving hackers admin privileges
## Fortinet warns of FortiWLM bug giving hackers admin privileges
## Bill Toulas
Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests.
FortiWLM is a centralized management tool for monitoring, managing, and optimizing wireless networks. It's used by government agencies, healthcare organizations, educational institutions, and large enterprises.
The flaw, tracked as CVE-2023-34990 , is a relative path traversal flaw rated with a score of 9.8.
Horizon3 researcher Zach Hanley discovered and disclosed the vulnerability to Fortinet in May 2023. However, the flaw remained unfixed ten months later, and Hanley decided to disclose
2024-12-18
Published