CVE-2023-34992

CVSS Score of 10 (low)

Details

Published Oct 10, 2023
Updated: Nov 7, 2023
CWE ID 78

Summary

CVE-2023-34992 is an improper neutralization of special elements used in an OS command (OS command injection) vulnerability found in Fortinet FortiSIEM versions 7.0.0 and 6.7.0 through 6.7.5, 6.6.0 through 6.6.3, and 6.5.0 through 6.5.1, as well as 6.4.0 through 6.4.2, allowing attackers to execute unauthorized code or commands via crafted API requests. This vulnerability has a high severity rating of 9.8 (out of 10) according to NVD and Fortinet PSIRT, indicating a critical impact on an organization's confidentiality, integrity, and availability of the affected products which include various Fortinet FortiSIEM versions and related models such as r0nx79, r0nx78, r0nx7_, r0nx7-, r0nx77, ooVR2P, tdFy-t, ooVR2O, r0nx8B, r0nx8A, r0nx8D, r0nx8C, s_hHYS, s_hHYR and s_hHYQ among others listed in the source text from the BIuvGo domain category LBbHYm associated with CWE-78 (Improper Neutralization of Special Elements used in an OS Command). It is crucial for organizations to apply the necessary patches or updates provided by Fortinet to remediate this vulnerability and prevent potential unauthorized code execution or command injection attacks on their systems.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-34992 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options