Sign-up

ID

VAR-202310-1898


CVE

CVE-2023-36549


TITLE

fortinet's  FortiWLM  In  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-014125

DESCRIPTION

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. fortinet's FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-36549 // JVNDB: JVNDB-2023-014125

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiwlmscope:gteversion:8.6.0

Trust: 1.0

vendor:fortinetmodel:fortiwlmscope:lteversion:8.5.4

Trust: 1.0

vendor:fortinetmodel:fortiwlmscope:lteversion:8.6.5

Trust: 1.0

vendor:fortinetmodel:fortiwlmscope:gteversion:8.5.0

Trust: 1.0

vendor:フォーティネットmodel:fortiwlmscope:eqversion:8.5.0 to 8.5.4

Trust: 0.8

vendor:フォーティネットmodel:fortiwlmscope:eqversion:8.6.0 to 8.6.5

Trust: 0.8

vendor:フォーティネットmodel:fortiwlmscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-014125 // NVD: CVE-2023-36549

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-36549
value: CRITICAL

Trust: 1.0

psirt@fortinet.com: CVE-2023-36549
value: HIGH

Trust: 1.0

NVD: CVE-2023-36549
value: CRITICAL

Trust: 0.8

nvd@nist.gov: CVE-2023-36549
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2023-36549
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-36549
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-014125 // NVD: CVE-2023-36549 // NVD: CVE-2023-36549

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-014125 // NVD: CVE-2023-36549

PATCH

title:FG-IR-23-140url:https://www.fortiguard.com/psirt/FG-IR-23-140

Trust: 0.8

sources: JVNDB: JVNDB-2023-014125

EXTERNAL IDS

db:NVDid:CVE-2023-36549

Trust: 2.6

db:JVNDBid:JVNDB-2023-014125

Trust: 0.8

sources: JVNDB: JVNDB-2023-014125 // NVD: CVE-2023-36549

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-23-140

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2023-36549

Trust: 0.8

sources: JVNDB: JVNDB-2023-014125 // NVD: CVE-2023-36549

SOURCES

db:JVNDBid:JVNDB-2023-014125
db:NVDid:CVE-2023-36549

LAST UPDATE DATE

2024-08-14T14:36:33.572000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2023-014125date:2023-12-22T07:20:00
db:NVDid:CVE-2023-36549date:2023-11-07T04:16:37.207

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2023-014125date:2023-12-22T00:00:00
db:NVDid:CVE-2023-36549date:2023-10-10T17:15:11.953