CVE-2023-48782: 
FortiWLM vulnerability analysis and mitigation

A command injection vulnerability (CVE-2023-48782) was discovered in Fortinet FortiWLM versions 8.6.0 through 8.6.5. The vulnerability stems from improper neutralization of special elements used in OS commands, allowing authenticated attackers with low privileges to execute unauthorized code or commands via specifically crafted HTTP GET request parameters (Fortinet Advisory, NVD).

The vulnerability exists in the GUI component of FortiWLM and has been assigned a CVSS v3.1 base score of 8.8 (High severity). The issue specifically affects the /ems/cgi-bin/ezrf_switches.cgi endpoint, which is accessible to both low privilege users and administrators. The vulnerability stems from a lack of proper input validation in the updateStatus() helper function, which is called by both addSwitche() and editSwitche() functions (Horizon3).

Successful exploitation of this vulnerability allows authenticated attackers to execute unauthorized code or commands with root privileges on the affected system. When combined with other vulnerabilities, such as unauthenticated file read issues, attackers could potentially gain complete control of the device (Hacker News).

Fortinet has released version 8.6.6 to address this vulnerability. Users of affected versions (8.6.0 through 8.6.5) are strongly advised to upgrade to version 8.6.6 or above. FortiWLM version 8.5 is not affected by this vulnerability (Fortinet Advisory).

The vulnerability was discovered and reported by security researcher Zach Hanley (@hacks_zach) of Horizon3.ai under responsible disclosure practices. The discovery was part of a broader security audit that uncovered multiple vulnerabilities in Fortinet products (Horizon3).