CVE-2023-34988

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 10, 2023

Updated: Nov 7, 2023

CWE ID 78

Summary

CVE-2023-34988 is a newly disclosed os command injection vulnerability affecting Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4. This issue arises due to improper handling of special elements in operating system commands, enabling attackers to execute unauthorized code or commands by crafting malicious HTTP get request parameters. Successful exploitation could lead to serious security implications, including system compromise and data theft. Fortinet urges users to apply the patches or updates released to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Fortinet Fortiwlm

Affected Vendors

Fortinet

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rzlEoP
https://www.cve.org/CVERecord?id=CVE-2023-34988
https://nvd.nist.gov/vuln/detail/CVE-2023-34988

Back to Vulnerability Database