CVE-2023-34992

CRITICAL

Fortinet FortiSIEM < 6.6.3 - OS Command Injection

Title source: rule

Description

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests.

Exploits (2)

nomisec WORKING POC 27 stars
by horizon3ai · poc
https://github.com/horizon3ai/CVE-2023-34992

nomisec WORKING POC
by d0rb · poc
https://github.com/d0rb/CVE-2023-34992-Checker

Scores

CVSS v3 10.0
EPSS 0.7588
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (7)
fortinet/fortisiem 6.4.0
fortinet/fortisiem 6.4.1
fortinet/fortisiem 6.4.2
fortinet/fortisiem 6.5.0
fortinet/fortisiem 6.5.1
fortinet/fortisiem 7.0.0
fortinet/fortisiem 6.6.0 - 6.6.3
Published Oct 10, 2023
Tracked Since Feb 18, 2026