Details of VAR-202310-2612

ID

VAR-202310-2612

CVE

CVE-2023-36550

TITLE

fortinet's FortiWLM In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-014124

DESCRIPTION

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. fortinet's FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-36550 // JVNDB: JVNDB-2023-014124

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiwlm	scope:	gte	version:	8.6.0	Trust: 1.0
vendor:	fortinet	model:	fortiwlm	scope:	lte	version:	8.5.4	Trust: 1.0
vendor:	fortinet	model:	fortiwlm	scope:	lte	version:	8.6.5	Trust: 1.0
vendor:	fortinet	model:	fortiwlm	scope:	gte	version:	8.5.0	Trust: 1.0
vendor:	フォーティネット	model:	fortiwlm	scope:	eq	version:	8.5.0 to 8.5.4	Trust: 0.8
vendor:	フォーティネット	model:	fortiwlm	scope:	eq	version:	8.6.0 to 8.6.5	Trust: 0.8
vendor:	フォーティネット	model:	fortiwlm	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-014124 // NVD: CVE-2023-36550

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-36550
value:	CRITICAL
Trust: 1.0
psirt@fortinet.com:	CVE-2023-36550
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2023-36550
value:	CRITICAL
Trust: 0.8

nvd@nist.gov:	CVE-2023-36550
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2023-36550
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-014124 // NVD: CVE-2023-36550 // NVD: CVE-2023-36550

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-014124 // NVD: CVE-2023-36550

PATCH

title:

FG-IR-23-140

url:

https://www.fortiguard.com/psirt/FG-IR-23-140

Trust: 0.8

sources: JVNDB: JVNDB-2023-014124

EXTERNAL IDS

db:	NVD	id:	CVE-2023-36550	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-014124	Trust: 0.8

sources: JVNDB: JVNDB-2023-014124 // NVD: CVE-2023-36550

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-23-140	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2023-36550	Trust: 0.8

sources: JVNDB: JVNDB-2023-014124 // NVD: CVE-2023-36550

SOURCES

db:	JVNDB	id:	JVNDB-2023-014124
db:	NVD	id:	CVE-2023-36550

LAST UPDATE DATE

2024-08-14T14:36:33.067000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-014124	date:	2023-12-22T07:19:00
db:	NVD	id:	CVE-2023-36550	date:	2023-11-07T04:16:37.370

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-014124	date:	2023-12-22T00:00:00
db:	NVD	id:	CVE-2023-36550	date:	2023-10-10T17:15:12.017