Hack Reports - Latest Cybersecurity News, Trends & Updates

Fortinet Patches Critical FortiWLM Vulnerability - SecurityWeek

Geetansh -

Latest News on Fortinet FortiWLM Vulnerability Patch and Critical Vulnerabilities in 2024

Fortinet FortiWLM Vulnerability Patch:
Fortinet has issued a security advisory to address a critical vulnerability in its Wireless LAN Manager (FortiWLM) product. The vulnerability, tracked as CVE-2023-34990, is a path traversal issue that could lead to the disclosure of sensitive information and potentially grant administrative access to attackers12. The vulnerability was originally fixed by Fortinet in September 2023 but was not initially assigned a CVE designation. It has a CVSS score of 9.6 out of a maximum of 10.0, indicating its critical severity12.

Other Critical Vulnerabilities in 2024:

  1. Fortinet EMS Vulnerability:

    • A critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors. The vulnerability, CVE-2023-48788, is an SQL injection bug that allows attackers to execute unauthorized code or commands. This vulnerability has a CVSS score of 9.3 and has been patched1.

  2. Zyxel Firewall Directory Traversal Vulnerability:

    • A critical vulnerability in Zyxel Firewall, tracked as CVE-2024-11667, is being exploited in recent cyberattacks to deploy the Helldown ransomware. This vulnerability allows attackers to traverse directories, potentially leading to sensitive data exposure and system compromise2.

  3. Progress WhatsUp Gold Vulnerability:

    • Progress WhatsUp Gold is vulnerable to a critical severity flaw that may allow an attacker to execute remote code on the affected system. Tracked as CVE-2024-8785, this vulnerability has a CVSS score of 9.8 and has been publicly disclosed with proof-of-concept exploit code2.

  4. Apache Struts Vulnerability:

    • Apache has addressed a critical vulnerability in its Struts2 product, tracked as CVE-2024-53677. This vulnerability could allow a remote attacker to execute arbitrary code, leading to critical data loss and possible system compromise2.

  5. Cleo Harmony and VLTrader Vulnerabilities:

    • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities in Cleo Harmony and VLTrader to its Known Exploited Vulnerabilities Catalog. Tracked as CVE-2024-50623 and CVE-2024-55956, these vulnerabilities could lead to remote code execution and have been urged to be patched by January 3, 2025, and January 7, 2025, respectively2.

  6. Veeam Service Provider Console Vulnerabilities:

    • Veeam Service Provider Console is vulnerable to two security flaws, tracked as CVE-2024-42448 and CVE-2024-42449. These vulnerabilities could allow an attacker to execute arbitrary code or leak the NTLM hash of the VSPC server service account and delete files on the VSPC server2.

  7. Zabbix Server Vulnerability:

    • Zabbix server is vulnerable to a critical severity flaw, tracked as CVE-2024-42327. This vulnerability has a CVSS score of 9.9 and could allow attackers to escalate privileges and gain complete control of vulnerable Zabbix servers2.

Summary:

Fortinet has addressed a critical vulnerability in its Wireless LAN Manager (FortiWLM) product, while other critical vulnerabilities in 2024 include those in Fortinet EMS, Zyxel Firewall, Progress WhatsUp Gold, Apache Struts, Cleo Harmony and VLTrader, Veeam Service Provider Console, and Zabbix server. These vulnerabilities highlight the ongoing need for timely security updates and patches to mitigate potential cyber threats.