VDB

CVE-2023-34993

CVE-2023-34993 PUBLISHED CVSS 9.6 CRITICAL

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters.

EPSS 86.96% · 99.4th percentile

Risk Scores

CVSS v3.1
9.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X
EPSS Score
86.96%
99.4th percentile

Affected Products

Vendor    Product   Versions
fortinet  fortiwlm  8.6.0, 8.5.0
Fortinet  FortiWLM  8.6.0, 8.5.0

Timeline

  • Jan 20, 1970 CrowdSec Sighting
  • Jan 20, 1970 CrowdSec Sighting
  • Jan 20, 1970 CrowdSec Sighting
  • Jan 20, 1970 CrowdSec Sighting
  • Jan 21, 1970 CrowdSec Sighting
  • Jan 21, 1970 CrowdSec Sighting
  • Jan 21, 1970 CrowdSec Sighting
  • Jan 21, 1970 CrowdSec Sighting
  • Oct 21, 2021 CrowdSec Sighting
  • Oct 20, 2022 CrowdSec Sighting
  • Feb 22, 2023 CrowdSec Sighting
  • Mar 9, 2023 CrowdSec Sighting