CVE-2023-34992
In short
A vulnerability in Fortinet products allows attackers to run unauthorized commands on the system by sending specially crafted requests to an API. An attacker can gain full control over the affected device without needing special access.
Technical detail
An OS command injection vulnerability in Fortinet API endpoints: user-supplied input is not properly sanitized before being passed to system command execution functions. Unauthenticated or low-privileged attackers can exploit this via crafted API requests to achieve remote code execution with system-level privileges.
Summary generated and translated by AI from the official description.
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:X/RC:X
Affected products
Fortinet · FortiSIEM
Public PoCs found: 2
- github.com/horizon3ai/CVE-2023-34992 (★ 27)
- github.com/d0rb/CVE-2023-34992-Checker (★ 0)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.