Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-34990

CWE-23CWE-94Code Injection6 documents6 sources
Severity
9.8CRITICAL
EPSS
66.3%
top 1.47%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Fortinet Fortiwlm
Timeline
PublishedDec 18

Description

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortiwlm8.5.08.5.5+1
CVEListV5fortinet/fortiwlm8.6.08.6.5+1

🔴Vulnerability Details

2
CVEList
CVE-2023-34990: A relative path traversal in Fortinet FortiWLM version 82024-12-18
GHSA
GHSA-2pp3-2hr3-936m: A relative path traversal in Fortinet FortiWLM version 82024-12-18

💥Exploits & PoCs

1
Nuclei
FortiWLM - Directory Traversal

📋Vendor Advisories

1
Fortinet
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to ex...2024-12-18
CVE-2023-34990 (CRITICAL CVSS 9.8) | A relative path traversal in Fortin | cvebase.io