CVE-2023-34990
CRITICAL NUCLEIFortinet FortiWLM 8.5.0-8.5.4 and 8.6.0-8.6.5 - Relative Path Traversal and Code Execution via Web Requests
Title source: llmExploitation Summary
CVE-2023-34990 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.
Nuclei Templates (1)
FortiWLM - Directory Traversal
CRITICALby DhiyaneshDk
Shodan:
title:"FortiWLM Login"
References (1)
Core 1
Core References
Vendor Advisory
https://fortiguard.com/psirt/FG-IR-23-144
Scores
CVSS v3
9.8
EPSS
0.2490
EPSS Percentile
97.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-94
CWE-23
Status
published
Products (1)
fortinet/fortiwlm
8.5.0 - 8.5.5
Published
Dec 18, 2024
Tracked Since
Feb 18, 2026