ID

VAR-202312-2353


CVE

CVE-2023-48782


TITLE

OS command injection vulnerability in Fortinet FortiWLM

Trust: 0.8

sources: JVNDB: JVNDB-2023-020026

DESCRIPTION

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. An OS command injection vulnerability exists in Fortinet's FortiWLM. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2023-48782 // JVNDB: JVNDB-2023-020026

AFFECTED PRODUCTS

vendor: fortinet, model: fortiwlm, scope: gte, version: 8.6.0

Trust: 1.0

vendor: fortinet, model: fortiwlm, scope: lte, version: 8.6.5

Trust: 1.0

vendor: Fortinet, model: fortiwlm, scope: eq, version: 8.6.0 to 8.6.5

Trust: 0.8

vendor: Fortinet, model: fortiwlm, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-020026 // NVD: CVE-2023-48782

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-48782
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2023-48782
value: HIGH

Trust: 1.0

NVD: CVE-2023-48782
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2023-48782
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2023-48782
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-020026 // NVD: CVE-2023-48782 // NVD: CVE-2023-48782

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-020026 // NVD: CVE-2023-48782

PATCH

title: FG-IR-23-450, url: https://www.fortiguard.com/psirt/FG-IR-23-450

Trust: 0.8

sources: JVNDB: JVNDB-2023-020026

EXTERNAL IDS

db: NVD, id: CVE-2023-48782

Trust: 2.6

db: JVNDB, id: JVNDB-2023-020026

Trust: 0.8

sources: JVNDB: JVNDB-2023-020026 // NVD: CVE-2023-48782

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-23-450

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2023-48782

Trust: 0.8

sources: JVNDB: JVNDB-2023-020026 // NVD: CVE-2023-48782

SOURCES

db: JVNDB, id: JVNDB-2023-020026
db: NVD, id: CVE-2023-48782

LAST UPDATE DATE

2024-08-14T14:09:37.928000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2023-020026, date: 2024-01-15T07:38:00
db: NVD, id: CVE-2023-48782, date: 2023-12-15T20:01:55.773

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2023-020026, date: 2024-01-15T00:00:00
db: NVD, id: CVE-2023-48782, date: 2023-12-13T07:15:27.480