CVE-2023-34990: 
FortiWLM vulnerability analysis and mitigation

A critical vulnerability (CVE-2023-34990) was discovered in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4. The vulnerability is a relative path traversal issue (CWE-23) that allows remote unauthenticated attackers to read sensitive files and potentially execute unauthorized code or commands via specially crafted web requests (Fortinet PSIRT, NVD).

The vulnerability exists in the FortiWLM's web interface, specifically in the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint. Due to insufficient input validation, attackers can exploit path traversal sequences to access log files containing administrator session ID tokens. The vulnerability received a Critical severity rating with a CVSS score of 9.6. The issue was discovered by security researcher Zach Hanley of Horizon3.ai and stems from improper validation of request parameters (Horizon3, Hacker News).

The vulnerability allows attackers to read sensitive files and potentially execute unauthorized code with root privileges. By exploiting this flaw, attackers can obtain session ID tokens from log files, which can then be used to hijack administrative sessions and gain full control over the appliance (SOCRadar, Horizon3).

Fortinet has released patches to address this vulnerability. Organizations running FortiWLM 8.6.0 through 8.6.5 should upgrade to version 8.6.6 or above, while those running versions 8.5.0 through 8.5.4 should upgrade to version 8.5.5 or above (Fortinet PSIRT).