CVE-2023-48782 — Vulnetix

CVE-2023-48782 PUBLISHED CVSS 8.600000381469727 HIGH

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters

EPSS 3.86% · 88.4th percentile

Risk Scores

CVSS v3.1

8.600000381469727

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X

EPSS Score

3.86%

88.4th percentile

Affected Products

Vendor	Product	Versions
fortinet	fortiwlm	8.6.0
Fortinet	FortiWLM	8.6.0

Timeline

Dec 13, 2023 CVE Published
Dec 13, 2023 EPSS Score
Feb 9, 2024 EPSS Score
Mar 10, 2024 EPSS Score
May 7, 2024 EPSS Score
Jun 5, 2024 EPSS Score
Aug 3, 2024 EPSS Score
Sep 1, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 29, 2024 EPSS Score
Nov 27, 2024 EPSS Score
Dec 19, 2024 PoC Published

References

https://www.fortiguard.com/psirt/FG-IR-23-138 advisory
https://www.fortiguard.com/psirt/FG-IR-23-270 advisory
https://www.fortiguard.com/psirt/FG-IR-23-214 advisory
https://www.fortiguard.com/psirt/FG-IR-23-196 advisory
https://www.fortiguard.com/psirt/FG-IR-23-360 advisory
https://www.fortiguard.com/psirt/FG-IR-23-439 advisory
https://www.fortiguard.com/psirt/FG-IR-23-425 advisory
https://www.fortiguard.com/psirt/FG-IR-22-038 advisory
https://www.fortiguard.com/psirt/FG-IR-23-256 advisory
https://www.fortiguard.com/psirt/FG-IR-22-345 advisory
https://www.fortiguard.com/psirt/FG-IR-23-432 advisory
https://www.fortiguard.com/psirt/FG-IR-23-450 advisory
https://fortiguard.com/psirt/FG-IR-23-450 url
https://nvd.nist.gov/vuln/detail/CVE-2023-48782 advisory

Open in Interactive Console →