CVE-2023-42783: 
FortiWLM vulnerability analysis and mitigation

A relative path traversal vulnerability was discovered in Fortinet FortiWLM, identified as CVE-2023-42783. The vulnerability affects multiple versions of FortiWLM including versions 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.4.2 through 8.4.0, 8.3.2 through 8.3.0, and 8.2.2. This security flaw was discovered by security researcher Zach Hanley of Horizon3.ai and was publicly disclosed on November 14, 2023 (Fortinet Advisory).

The vulnerability is classified as a relative path traversal issue (CWE-23) that allows remote unauthenticated attackers to read arbitrary files via crafted HTTP requests. The severity is rated as High with a CVSS v3.1 base score of 7.3. The vulnerability exists in the system's handling of HTTP requests, where insufficient validation of file paths enables attackers to traverse directories and access unauthorized files (NVD, Horizon3 Research).

The successful exploitation of this vulnerability leads to information disclosure, allowing attackers to read arbitrary files on the affected system. This could potentially expose sensitive configuration files, system information, and other confidential data stored on the FortiWLM appliance (Fortinet Advisory).

Fortinet has released patches to address this vulnerability. Organizations using FortiWLM 8.6.x should upgrade to version 8.6.6 or above, while those using 8.5.x should upgrade to version 8.5.5 or above. For versions 8.4.x, 8.3.x, and 8.2.x, users are advised to migrate to a fixed release (Fortinet Advisory).