.. / CVE-2023-34993

Exploit for Fortinet FortiWLM Unauthenticated Command Injection Vulnerability (CVE-2023-34993)

Description:

A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the affected system.

Nuclei Template

View the template here CVE-2023-34993.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-34993.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-34993
https://www.horizon3.ai/attack-research/attack-blogs/fortiwlm-the-almost-story-for-the-forti-forty/
https://fortiguard.com/psirt/FG-IR-23-140