CVE-2023-34986
Published 2023-10-10
Priority: P265 (high)
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 2.09% (79.2th percentile)
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. The CVSS vector (AV:N, PR:L, UI:N) describes a network-reachable attacker holding a low-privileged account on the appliance, with no user interaction required; it is not rated as an unauthenticated flaw.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortiwlm | — | — |
| fortinet | fortiwlm | 8.5.0 – 8.5.4 | — |
| fortinet | fortiwlm | 8.6.0 – 8.6.5 | — |
Detection & IOCs (extracted from sources)
- CVE-2023-34986 is exploited via specially crafted HTTP GET request parameters sent to FortiWLM; monitor for anomalous GET parameters, in particular values containing shell metacharacters, on FortiWLM management interfaces.
- Affected versions are FortiWLM 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4; flag traffic to and from FortiWLM instances still running these versions, and treat the appliance's version as the first thing to check during triage.
- The vulnerability class is OS command injection (CWE-78); inspect HTTP GET query strings for injection patterns (semicolons, pipes, backticks, `$()` and `${}` constructs, `&&`/`||`) directed at FortiWLM endpoints, after URL-decoding the values, since encoded payloads (e.g. `%3B` for `;`) would otherwise slip past a literal-character match.
- This CVE is one of a cluster of five OS command injection vulnerabilities in FortiWLM disclosed together in Fortinet advisory FG-IR-23-141 (CVE-2023-34985 through CVE-2023-34989); detections and patching should account for all five.
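The detection bullets above describe what to look for but not how to look. The following is an added example, not code from the CVE record or from Fortinet, that runs the "shell metacharacters in decoded GET parameters" check over a handful of constructed access-log lines. It assumes Common Log Format input; the `/fortiwlm/...` paths, the `ap` parameter and the client addresses are placeholders invented for the sample and say nothing about the real vulnerable FortiWLM endpoints, which the advisory does not name. Values are URL-decoded repeatedly so that double-encoded payloads are caught too.

```python
"""Flag HTTP GET requests whose query parameters carry OS command injection
metacharacters (CWE-78), run over constructed access-log lines.

Added example for illustration only: it is not part of the CVE record or of
Fortinet's advisory, and it does not know the real FortiWLM parameter names.
Log format (CLF) and the /fortiwlm/... paths are assumptions for the sample.
"""
import re
from urllib.parse import urlsplit, unquote_plus

# One CLF-style line: client ident user [ts] "METHOD target HTTP/x.y" status size
_CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Tokens that let attacker input break out of a shell command string:
# ; | & newline, backtick, and the $( ) / ${ } expansion forms.
_SHELL_META = re.compile(r'[;|&`\n]|\$\(|\$\{')


def _decode_fully(value, rounds=3):
    """URL-decode repeatedly to defeat double encoding (%257C -> %7C -> |)."""
    for _ in range(rounds):
        nxt = unquote_plus(value)
        if nxt == value:
            break
        value = nxt
    return value


def _parse_query(qs):
    """Split a raw query string on '&' only, leaving values undecoded.

    Done by hand rather than with parse_qsl so that a literal ';' in a value
    survives regardless of which Python version's separator default applies.
    """
    for pair in qs.split('&'):
        if not pair:
            continue
        name, _, value = pair.partition('=')
        yield unquote_plus(name), value


def suspicious_params(target):
    """Return [(name, decoded_value)] for query params that contain shell metacharacters."""
    hits = []
    for name, raw in _parse_query(urlsplit(target).query):
        decoded = _decode_fully(raw)
        if _SHELL_META.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_log(lines):
    """Return [(client, target, hits)] for every GET whose parameters look injected."""
    findings = []
    for line in lines:
        m = _CLF.match(line)
        if not m or m.group('method') != 'GET':
            continue
        hits = suspicious_params(m.group('target'))
        if hits:
            findings.append((m.group('client'), m.group('target'), hits))
    return findings


# Constructed sample log; addresses and paths are made up for this example.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Oct/2023:12:00:01 +0000] "GET /fortiwlm/stats?ap=ap-01&days=7 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2023:12:00:02 +0000] "GET /fortiwlm/stats?ap=ap-01;id HTTP/1.1" 200 640',
    '203.0.113.9 - - [10/Oct/2023:12:00:03 +0000] "GET /fortiwlm/stats?ap=%24%28id%29 HTTP/1.1" 200 640',
    '203.0.113.9 - - [10/Oct/2023:12:00:04 +0000] "GET /fortiwlm/stats?ap=ap-01%257Cid HTTP/1.1" 500 0',
    '10.0.0.5 - - [10/Oct/2023:12:00:05 +0000] "POST /fortiwlm/login HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for client, target, hits in scan_log(SAMPLE_LOG):
        print(f"{client} {target} -> {hits}")
```

Expect three findings from the sample, all from the 203.0.113.9 client: the literal `;`, the percent-encoded `$(id)`, and the double-encoded pipe. A metacharacter match on its own is noisy (legitimate parameters can contain `&` or `|`), so in practice pair it with the version check from the second bullet and with the session context the CVSS vector implies: the request should come from an authenticated, low-privileged session, which narrows the candidate accounts to investigate.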
Source: Fortinet advisory FG-IR-23-141 (vendor_fortinet, published 2023-10-10, CVSS 8.8)
CVEs: CVE-2023-34985, CVE-2023-34986, CVE-2023-34987, CVE-2023-34988, CVE-2023-34989
CWEs: CWE-78
CVSS: 8.8 (high)
Affected products: FortiWLM, Fortinet
Source: GHSA-f357-g7p9-rf3h (ghsa_unreviewed, published 2023-10-10)
CVE-2023-34986 [HIGH] CWE-78, same description as above
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.