ID

VAR-202311-1591


CVE

CVE-2023-34991


TITLE

Fortinet FortiWLM SQL injection vulnerability (CNVD-2024-13757)

Trust: 0.6

sources: CNVD: CNVD-2024-13757

DESCRIPTION

An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM versions 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.4.0 through 8.4.2, 8.3.0 through 8.3.2, and 8.2.2 allows an attacker to execute unauthorized code or commands via a crafted HTTP request. Fortinet FortiWLM is a wireless manager from the American company Fortinet. Fortinet FortiWLM has a SQL injection vulnerability, which results from the application's lack of validation of externally input SQL statements.

Trust: 1.44

sources: NVD: CVE-2023-34991 // CNVD: CNVD-2024-13757

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-13757

AFFECTED PRODUCTS

vendor: fortinet
model: fortiwlm
scope: eq
version: 8.2.2

Trust: 1.6

vendor: fortinet
model: fortiwlm
scope: eq
version: 8.4.2

Trust: 1.6

vendor: fortinet
model: fortiwlm
scope: eq
version: 8.4.1

Trust: 1.6

vendor: fortinet
model: fortiwlm
scope: eq
version: 8.4.0

Trust: 1.6

vendor: fortinet
model: fortiwlm
scope: eq
version: 8.3.2

Trust: 1.6

vendor: fortinet
model: fortiwlm
scope: eq
version: 8.3.1

Trust: 1.6

vendor: fortinet
model: fortiwlm
scope: eq
version: 8.3.0

Trust: 1.6

vendor: fortinet
model: fortiwlm
scope: lte
version: 8.5.4

Trust: 1.0

vendor: fortinet
model: fortiwlm
scope: lte
version: 8.6.5

Trust: 1.0

vendor: fortinet
model: fortiwlm
scope: gte
version: 8.6.0

Trust: 1.0

vendor: fortinet
model: fortiwlm
scope: gte
version: 8.5.0

Trust: 1.0

vendor: fortinet
model: fortiwlm
scope: gte
version: 8.6.0,<=8.6.5

Trust: 0.6

vendor: fortinet
model: fortiwlm
scope: gte
version: 8.5.0,<=8.5.4

Trust: 0.6

sources: CNVD: CNVD-2024-13757 // NVD: CVE-2023-34991

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-34991
value: CRITICAL

Trust: 1.0

psirt@fortinet.com: CVE-2023-34991
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2024-13757
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-13757
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-34991
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2024-13757 // NVD: CVE-2023-34991 // NVD: CVE-2023-34991

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.0

sources: NVD: CVE-2023-34991

PATCH

title: Patch for Fortinet FortiWLM SQL injection vulnerability (CNVD-2024-13757)
url: https://www.cnvd.org.cn/patchInfo/show/534421

Trust: 0.6

sources: CNVD: CNVD-2024-13757

EXTERNAL IDS

db: NVD
id: CVE-2023-34991

Trust: 1.6

db: CNVD
id: CNVD-2024-13757

Trust: 0.6

sources: CNVD: CNVD-2024-13757 // NVD: CVE-2023-34991

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-23-142

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2023-34991

Trust: 0.6

sources: CNVD: CNVD-2024-13757 // NVD: CVE-2023-34991

SOURCES

db: CNVD
id: CNVD-2024-13757

db: NVD
id: CVE-2023-34991

LAST UPDATE DATE

2024-08-14T14:09:40.674000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2024-13757
date: 2024-03-18T00:00:00

db: NVD
id: CVE-2023-34991
date: 2023-11-20T17:19:37.650

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2024-13757
date: 2024-03-18T00:00:00

db: NVD
id: CVE-2023-34991
date: 2023-11-14T18:15:30.443