======================================================================

                            CERT-Renater

                Information Note No. 2024/VULN545
_____________________________________________________________________

DATE                 : 19/12/2024

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running FortiWLM versions prior to
                       8.6.6, 8.5.5.

=====================================================================
https://www.fortiguard.com/psirt/FG-IR-23-144
_____________________________________________________________________

[FortiWLM] Unauthenticated limited file read vulnerability

Summary

A relative path traversal [CWE-23] in FortiWLM may allow a remote
unauthenticated attacker to read sensitive files.

Version        Affected               Solution
FortiWLM 8.6   8.6.0 through 8.6.5    Upgrade to 8.6.6 or above
FortiWLM 8.5   8.5.0 through 8.5.4    Upgrade to 8.5.5 or above

Acknowledgement

Fortinet is pleased to thank security researcher Zach Hanley
(@hacks_zach) of Horizon3.ai for discovering and reporting this
vulnerability under responsible disclosure.

Timeline

2024-12-18: Initial publication

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email:cert@support.renater.fr  +
=========================================================