
CVE-2023-34993: Fortiguard

An improper neutralization of special elements used in an OS command ("OS command injection") vulnerability in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters.


PSIRT Advisories

FortiWLM - Unauthenticated command injection vulnerability

Summary

Multiple improper neutralization of special elements used in an OS command ("OS command injection") vulnerabilities [CWE-78] in FortiWLM may allow a remote, unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP GET request parameters.
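The advisory names the bug class (CWE-78 via a GET parameter) but no endpoint or parameter, so the following is a generic illustration added here, not FortiWLM code: a hypothetical /diag?host= handler in its vulnerable form, where the parameter is spliced into a shell command line, beside the hardened form, which allowlists the value and passes it as a single argv element with no shell. `echo` stands in for whatever diagnostic tool the real handler would call so the demo runs offline; the parameter name, the endpoint and the allowlist pattern are assumptions.

```python
import re
import subprocess
from urllib.parse import parse_qs, urlsplit

# Hypothetical endpoint: /diag?host=<target>  (assumed; not from the advisory)
# Allowlist for the one parameter we accept: hostname/IP characters only,
# which excludes every shell metacharacter (; | & $ ` space, quotes, ...).
HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def _host_param(request_target: str) -> str:
    """Pull the 'host' query parameter out of a request target such as
    '/diag?host=x'. Percent-decoding happens here, exactly as it would in
    a real CGI/web handler, so %3B becomes ';' before the command is built."""
    params = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    return params.get("host", [""])[0]


def vulnerable_handler(request_target: str) -> str:
    """CWE-78: attacker-controlled text becomes part of a shell command
    line. Anything after ';' in the parameter runs as a second command."""
    host = _host_param(request_target)
    cmd = f"echo {host}"                      # string concatenation into a shell
    out = subprocess.run(["sh", "-c", cmd], capture_output=True,
                         text=True, check=False)
    return out.stdout


def run_without_shell(host: str) -> str:
    """Second layer of the fix: argv list, no shell. The parameter is one
    argument to the program, never re-parsed, so metacharacters are inert."""
    out = subprocess.run(["echo", host], capture_output=True,
                         text=True, check=False)
    return out.stdout


def hardened_handler(request_target: str) -> str:
    """First layer: reject anything outside the allowlist before it gets
    near a process; then run it through the shell-free path."""
    host = _host_param(request_target)
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return run_without_shell(host)


if __name__ == "__main__":
    # Constructed request: host=x%3B%20echo%20INJECTED decodes to "x; echo INJECTED"
    payload = "/diag?host=x%3B%20echo%20INJECTED"
    print("vulnerable:", repr(vulnerable_handler(payload)))   # 'x\nINJECTED\n'
    print("argv only :", repr(run_without_shell("x; echo INJECTED")))
    try:
        hardened_handler(payload)
    except ValueError as e:
        print("hardened  :", e)
    print("hardened  :", repr(hardened_handler("/diag?host=host.example.com")))
```

Both layers matter: the allowlist is the intended fix, and the argv-only execution path means that even a parameter that slips past validation cannot reach a shell parser.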

Version        Affected Products      Solutions
FortiWLM 8.6   8.6.0 through 8.6.5    Upgrade to 8.6.6 or above
FortiWLM 8.5   8.5.0 through 8.5.4    Upgrade to 8.5.5 or above

Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool

Acknowledgement

Fortinet is pleased to thank security researcher Zach Hanley (@hacks_zach) of Horizon3.ai for discovering and reporting this vulnerability under responsible disclosure.

Timeline

2023-09-29: Initial publication
