Cyber Resilience

CVE-2023-34993

Critical · RCE

Published: 10 October 2023
Modified: 21 November 2024
KEV Added: not listed
CVSS v3.1 score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.8768 (99.5th percentile)
Risk priority: 72 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-34993 is a critical-severity OS Command Injection (CWE-78) vulnerability in Fortinet FortiWLM. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.5% of CVEs by exploit likelihood (EPSS), but it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2023-34993 is an OS command injection vulnerability (CWE-78) affecting Fortinet FortiWLM wireless LAN management software in versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4. The flaw stems from improper neutralization of special elements in OS commands, enabling remote attackers to inject and execute arbitrary commands through crafted parameters in HTTP GET requests. It carries a CVSS 3.1 base score of 9.8, reflecting network-accessible exploitation with no required authentication or user interaction and full impact on confidentiality, integrity, and availability.

An unauthenticated attacker can send a maliciously constructed HTTP GET request to an exposed FortiWLM instance and achieve arbitrary code execution on the underlying system. This grants the ability to run unauthorized commands, potentially leading to full device compromise, data exfiltration, or use as a foothold for further network attacks.

The vendor advisory FG-IR-23-140, published alongside the CVE, directs administrators to apply the fixes released by Fortinet for the affected FortiWLM branches.

The EPSS score for this vulnerability currently stands at 0.8768 with a recorded peak of 0.9683, indicating sustained high exploitation interest following disclosure.


Vulnerability details

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters.

CWE(s)

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: Fortinet
Product: FortiWLM
Affected versions: 8.5.0 through 8.5.4 · 8.6.0 through 8.6.5

Mitigating Controls

Likely Mitigating Controls (AI-generated mapping)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-78: Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

Addresses CWE-78: Validates inputs to block special elements that would alter OS command execution.
