Fortinet FortiWLM could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted HTTP request to the alarm dashboard and controller config handlers, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Fortinet FortiWLM could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to the management interface containing "dot dot" sequences (/../) to retrieve arbitrary files from the underlying filesystem.
Fortinet FortiToken Mobile (Android) could allow a remote authenticated attacker to bypass security restrictions, caused by an improper access control vulnerability. By sending a specially-crafted request, an attacker could exploit this vulnerability to access the protected system during the 2FA procedure.
Fortinet FortiWLM is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted HTTP requests to the AP monitor handlers, which could allow the attacker to view, add, modify or delete information in the back-end database.
Refer to the FortiGuard Advisory for patch, upgrade, or suggested workaround information.