Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2023-34993
Severity
9.8CRITICAL
EPSS
87.0%
top 0.57%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedOct 10
Latest updateDec 19
Description
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages2 packages
🔴Vulnerability Details
3GHSA▶
GHSA-hp4r-wh6m-675v: A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8↗2023-10-10
CVEList▶
CVE-2023-34993: A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8↗2023-10-10
VulnCheck▶
Fortinet fortiwlm Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')↗2023
💥Exploits & PoCs
1Nuclei▶
Fortinet FortiWLM Unauthenticated Command Injection Vulnerability
🔍Detection Rules
1Suricata▶
ET WEB_SPECIFIC_APPS Fortinet FortiWLM Unauthenticated Command Injection (CVE-2023-34993)↗2024-12-19
📋Vendor Advisories
1Fortinet▶
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM versio...↗2023-10-10