Share
## https://sploitus.com/exploit?id=SAINT:A50AF7D716DE5A0850F5CA88B38E7089
Added: 03/18/2024  


### Background

[Fortinet Wireless Manager (FortiWLM)](<https://docs.fortinet.com/document/fortimanager/6.4.0/administration-guide/679601/wireless-manager-fortiwlm>) allows you to manage wireless networks on FortiGates. 

### Problem

A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by calling the `deleteprogressfile` function with a specially crafted `progressfile` parameter. 

### Resolution

Upgrade to FortiWLM 8.5.5 or 8.6.6 or higher. 

### References

<https://www.fortiguard.com/psirt/FG-IR-23-140>  
<https://www.horizon3.ai/attack-research/attack-blogs/fortiwlm-the-almost-story-for-the-forti-forty/>  


### Platforms

FortiWLM