CVE-2023-48782

CWE-78 — OS Command Injection5 documents5 sources

Severity

8.8HIGH

EPSS

3.9%

top 11.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiwlm

Timeline

PublishedDec 13

Latest updateDec 19

Description

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5fortinet/fortiwlm8.6.0 — 8.6.5

▶NVDfortinet/fortiwlm8.6.0 — 8.6.5

🔴Vulnerability Details

GHSA

GHSA-xr3x-xv96-4f83: A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8↗2023-12-13

▶

CVEList

CVE-2023-48782: A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8↗2023-12-13

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Fortinet FortiWLM Authenticated Command Injection (CVE-2023-48782)↗2024-12-19

▶

📋Vendor Advisories

Fortinet

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM versio...↗2023-12-13

▶