all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

FortiWLM MEA for FortiManager - improper access control in backup and restore features

Add to bookmarks
March 12, 2024, 7 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper access control vulnerability [`CWE-284]` in FortiWLM MEA for FortiManager may allow an unauthenticated remote attacker to execute arbitrary code or commands via specifically crafted requests.Note that FortiWLM MEA is not installed by default on FortiManager and can be disabled as a workaround.

access access control arbitrary code attacker backup backup and restore can code control cwe default disabled features fortimanager may requests restore unauthenticated vulnerability workaround

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiOS - Web server ETag exposure 2 weeks, 4 days ago | fortiguard.fortinet.com
actor attacker cwe device +17
FortiSandbox - Arbitrary file read on endpoint 2 weeks, 4 days ago | fortiguard.fortinet.com
arbitrary files attacker cwe directory +12
FortiNAC-F - Lack of certificate validation 2 weeks, 4 days ago | fortiguard.fortinet.com
attack attacker certificate channel +12
FortiOS - Format String in CLI command 2 weeks, 4 days ago | fortiguard.fortinet.com
access admin arbitrary code attacker +16
FortiOS & FortiProxy - administrator cookie leakage 2 weeks, 4 days ago | fortiguard.fortinet.com
administrator attacker conditions cookie +10
FortiSandbox - Arbitrary file delete on endpoint 2 weeks, 4 days ago | fortiguard.fortinet.com
arbitrary files attacker cwe delete +13
FortiClientMac - Lack of configuration file validation 2 weeks, 4 days ago | fortiguard.fortinet.com
arbitrary code attacker code configuration +15
FortiManager - Code Injection via Jinja Template 2 weeks, 4 days ago | fortiguard.fortinet.com
arbitrary code attacker code code injection +11
FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution 2 weeks, 4 days ago | fortiguard.fortinet.com
access admin arbitrary code arbitrary code execution +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Director, Cybersecurity - Governance, Risk and Compliance (GRC)

@ Stanley Black & Decker | New Britain CT USA - 1000 Stanley Dr
View on infosec-jobs.com

Information Security Risk Metrics Lead

@ Live Nation Entertainment | Work At Home-Connecticut
View on infosec-jobs.com

IT Product Owner - Enterprise DevSec Platform (d/f/m)

@ Airbus | Hamburg - Finkenwerder
View on infosec-jobs.com

Senior Information Security Specialist

@ Arthur Grand Technologies Inc | Arlington, VA, United States
View on infosec-jobs.com

Information Security Controls SME

@ Sword | Aberdeen, Scotland, United Kingdom
View on infosec-jobs.com
View more jobs