Fortinet FortiWLC Improper Access Control Vulnerability Allowing Unauthenticated Remote Access to Web Management CGI Resources

Vulnerability

A vulnerability allowing improper access control has been identified in Fortinet FortiWLC versions 8.6.0, 8.5.3 and below, 8.4.8 and below, 8.3.3 and below, and 8.2.7 to 8.2.4. This vulnerability may enable an unauthenticated remote attacker to access certain limited areas of the web management CGI functionality by specifying the correct URL. Exploitation of this vulnerability could allow unauthorized access to configuration details.

Impact

Exploitation of this vulnerability could lead to unauthorized access to specific configuration details through limited CGI resources in the web management interface.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

7.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

7.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiWLC Improper Access Control Vulnerability Allowing Unauthenticated Remote Access to Web Management CGI Resources

Vulnerability

Impact

Affected Products

Fortinet FortiWLC

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating