cbcvebase.
CVE-2023-34992
published 2023-10-10

CVE-2023-34992: A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized…

critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via crafted API requests.

Affected

12 ranges
VendorProductVersion rangeFixed in
fortinetfortinet
fortinetfortisiem
fortinetfortisiem
fortinetfortisiem
fortinetfortisiem
fortinetfortisiem
fortinetfortisiem
fortinetfortisiem
fortinetfortisiem6.4.0 – 6.4.2
fortinetfortisiem6.5.0 – 6.5.1
fortinetfortisiem6.6.0 – 6.6.3
fortinetfortisiem6.7.0 – 6.7.5