
    70 vulnerabilities found for FortiWLM by Fortinet

    VAR-202412-2453

    Vulnerability from variot - Updated: 2025-06-07 23:55

    A relative path traversal in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specially crafted web requests. Fortinet's FortiWLM contains a relative path traversal vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiWLM is a wireless manager from Fortinet, an American company.

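    Fortinet FortiWLM has a path traversal vulnerability, which is caused by the program failing to properly filter special elements in resource or file paths. The affected-product data in the record below gives the same ranges as 8.6.0 up to (not including) 8.6.6 and 8.5.0 up to (not including) 8.5.5, and the patch entry points to vendor advisory FG-IR-23-144.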


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202412-2453",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortiwlm",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.6"
          },
          {
            "model": "fortiwlm",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.5"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.0  that\u0027s all  8.5.5"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  that\u0027s all  8.6.6"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "fortinet",
            "version": "8.6.0,\u003c=8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "fortinet",
            "version": "8.5.0,\u003c=8.5.4"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-49638"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029158"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34990"
          }
        ]
      },
      "cve": "CVE-2023-34990",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2024-49638",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@fortinet.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-34990",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-029158",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2023-34990",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-34990",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2023-029158",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-49638",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-49638"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029158"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34990"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34990"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A relative path traversal in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specially crafted web requests. Fortinet\u0027s FortiWLM contains a relative path traversal vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiWLM is a wireless manager from Fortinet, an American company. \n\nFortinet FortiWLM has a path traversal vulnerability, which is caused by the program failing to properly filter special elements in resource or file paths.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-34990"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029158"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-49638"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-34990",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029158",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-49638",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-49638"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029158"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34990"
          }
        ]
      },
      "id": "VAR-202412-2453",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-49638"
          }
        ],
        "trust": 0.90357143
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-49638"
          }
        ]
      },
      "last_update_date": "2025-06-07T23:55:13.186000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-23-144",
            "trust": 0.8,
            "url": "https://fortiguard.com/psirt/FG-IR-23-144"
          },
          {
            "title": "Patch for Fortinet FortiWLM Path Traversal Vulnerability (CNVD-2024-4963848)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/647186"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-49638"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029158"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-94",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-23",
            "trust": 1.0
          },
          {
            "problemtype": "Relative path traversal (CWE-23) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Code injection (CWE-94) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029158"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34990"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://fortiguard.com/psirt/fg-ir-23-144"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-34990"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-49638"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029158"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34990"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-49638"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029158"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34990"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-12-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-49638"
          },
          {
            "date": "2025-06-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-029158"
          },
          {
            "date": "2024-12-18T13:15:05.547000",
            "db": "NVD",
            "id": "CVE-2023-34990"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-12-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-49638"
          },
          {
            "date": "2025-06-06T07:49:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-029158"
          },
          {
            "date": "2025-06-05T15:32:55.290000",
            "db": "NVD",
            "id": "CVE-2023-34990"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Relative path traversal vulnerability in Fortinet\u0027s FortiWLM",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029158"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201707-1083

    Vulnerability from variot - Updated: 2025-04-20 23:16

    A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log in and execute commands with 'upgrade' account privileges. FortiWLM is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access to the device. FortiWLM versions 8.3.0 and prior are vulnerable. Fortinet FortiWLM is a wireless network device management platform developed by Fortinet.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201707-1083",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "fortinet",
            "version": "8.3.0"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fortinet",
            "version": "8.3.0"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "8.3"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "8.2.2"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "8.0"
          },
          {
            "model": "fortiwlm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "8.3.1"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "99351"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1378"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7336"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fortinet:fortiwlm",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005995"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Adam Piekarzewski",
        "sources": [
          {
            "db": "BID",
            "id": "99351"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-7336",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-7336",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-115539",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-7336",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-7336",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-7336",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-1378",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-115539",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-115539"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1378"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7336"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A hard-coded account named \u0027upgrade\u0027 in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log in and execute commands with \u0027upgrade\u0027 account privileges. FortiWLM is prone to a security-bypass vulnerability. \nAttackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access to the device. \nFortiWLM versions 8.3.0 and prior are vulnerable. Fortinet FortiWLM is a wireless network device management platform developed by Fortinet.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-7336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005995"
          },
          {
            "db": "BID",
            "id": "99351"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115539"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-7336",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "99351",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005995",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1378",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-115539",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-115539"
          },
          {
            "db": "BID",
            "id": "99351"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1378"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7336"
          }
        ]
      },
      "id": "VAR-201707-1083",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-115539"
          }
        ],
        "trust": 0.40357142999999995
      },
      "last_update_date": "2025-04-20T23:16:00.728000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-17-115",
            "trust": 0.8,
            "url": "http://fortiguard.com/psirt/FG-IR-17-115"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005995"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-115539"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005995"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7336"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://fortiguard.com/advisory/fg-ir-17-115"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/99351"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7336"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7336"
          },
          {
            "trust": 0.3,
            "url": "http://www.fortinet.com/"
          },
          {
            "trust": 0.3,
            "url": "http://fortiguard.com/psirt/fg-ir-17-115"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-115539"
          },
          {
            "db": "BID",
            "id": "99351"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1378"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7336"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-115539"
          },
          {
            "db": "BID",
            "id": "99351"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1378"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7336"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-115539"
          },
          {
            "date": "2017-06-30T00:00:00",
            "db": "BID",
            "id": "99351"
          },
          {
            "date": "2017-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005995"
          },
          {
            "date": "2017-03-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1378"
          },
          {
            "date": "2017-07-22T21:29:00.273000",
            "db": "NVD",
            "id": "CVE-2017-7336"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-115539"
          },
          {
            "date": "2017-06-30T00:00:00",
            "db": "BID",
            "id": "99351"
          },
          {
            "date": "2017-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005995"
          },
          {
            "date": "2017-07-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1378"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-7336"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1378"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fortinet FortiWLM Logged in vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005995"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1378"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202203-0892

    Vulnerability from variot - Updated: 2024-11-23 23:10

    Multiple relative path traversal vulnerabilities [CWE-23] in the FortiWLM management interface, versions 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, and 8.2.2, may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. A path traversal vulnerability exists in the FortiWLM management interface, and information may be obtained. Fortinet FortiWLC is a wireless LAN controller from Fortinet.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0892",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.0"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.4.0"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.4.2"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.3"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.2.2"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.2"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.2"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.3.3  and earlier"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.2  and earlier"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.4.2  and earlier"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.2  and earlier"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.2.2"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006804"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43070"
          }
        ]
      },
      "cve": "CVE-2021-43070",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-43070",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-404120",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-43070",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@fortinet.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-43070",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-43070",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-43070",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2021-43070",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-43070",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202203-085",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-404120",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-404120"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006804"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-085"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43070"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43070"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. FortiWLM A path traversal vulnerability exists in the management interface.Information may be obtained. Fortinet FortiWLC is a wireless LAN controller from Fortinet",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-43070"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006804"
          },
          {
            "db": "VULHUB",
            "id": "VHN-404120"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-43070",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006804",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1513",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022040714",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-085",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-50952",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-404120",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-404120"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006804"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-085"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43070"
          }
        ]
      },
      "id": "VAR-202203-0892",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-404120"
          }
        ],
        "trust": 0.40357142999999995
      },
      "last_update_date": "2024-11-23T23:10:56.618000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-21-106",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-21-106"
          },
          {
            "title": "Fortinet FortiWLM Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184406"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006804"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-085"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.1
          },
          {
            "problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-404120"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006804"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43070"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://fortiguard.com/psirt/fg-ir-21-106"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43070"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022040714"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2021-43070/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1513"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-404120"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006804"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-085"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43070"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-404120"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006804"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-085"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43070"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-404120"
          },
          {
            "date": "2023-07-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-006804"
          },
          {
            "date": "2022-03-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-085"
          },
          {
            "date": "2022-03-02T17:15:07.887000",
            "db": "NVD",
            "id": "CVE-2021-43070"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-404120"
          },
          {
            "date": "2023-07-10T02:46:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-006804"
          },
          {
            "date": "2022-04-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-085"
          },
          {
            "date": "2024-11-21T06:28:38.267000",
            "db": "NVD",
            "id": "CVE-2021-43070"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-085"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "FortiWLM\u00a0 Path traversal vulnerability in management interface",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006804"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-085"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202203-0906

    Vulnerability from variot - Updated: 2024-11-23 22:20

    An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, and version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers. Fortinet FortiWLC is a wireless LAN controller from Fortinet. There is a command injection vulnerability in Fortinet FortiWLC.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0906",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.2"
          },
          {
            "model": "fortiwlm",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.3"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.4.2"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.4.0"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.2"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fortinet",
            "version": "\u003c=8.3.2"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "fortinet",
            "version": "8.4.0,\u003c=8.4.2"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "fortinet",
            "version": "8.5.0,\u003c=8.5.2"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "fortinet",
            "version": "8.6.0,\u003c8.6.3"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-18538"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43075"
          }
        ]
      },
      "cve": "CVE-2021-43075",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-43075",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-18538",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-404125",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-43075",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-43075",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2021-43075",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-18538",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202203-036",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-404125",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-18538"
          },
          {
            "db": "VULHUB",
            "id": "VHN-404125"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-036"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43075"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43075"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027) in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, and version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers. Fortinet FortiWLC is a wireless LAN controller from Fortinet. There is a command injection vulnerability in Fortinet FortiWLC.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-43075"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-18538"
          },
          {
            "db": "VULHUB",
            "id": "VHN-404125"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-43075",
            "trust": 2.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-18538",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0865",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022030128",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-036",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-404125",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-18538"
          },
          {
            "db": "VULHUB",
            "id": "VHN-404125"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-036"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43075"
          }
        ]
      },
      "id": "VAR-202203-0906",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-18538"
          },
          {
            "db": "VULHUB",
            "id": "VHN-404125"
          }
        ],
        "trust": 1.00357143
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-18538"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:20:33.834000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Fortinet FortiWLM Command Injection Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/325061"
          },
          {
            "title": "Fortinet FortiWLM Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184276"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-18538"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-036"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-404125"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43075"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://fortiguard.com/advisory/fg-ir-21-128"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43075"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2021-43075/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022030128"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0865"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-18538"
          },
          {
            "db": "VULHUB",
            "id": "VHN-404125"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-036"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43075"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-18538"
          },
          {
            "db": "VULHUB",
            "id": "VHN-404125"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-036"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43075"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-18538"
          },
          {
            "date": "2022-03-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-404125"
          },
          {
            "date": "2022-03-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-036"
          },
          {
            "date": "2022-03-01T19:15:08.480000",
            "db": "NVD",
            "id": "CVE-2021-43075"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-18538"
          },
          {
            "date": "2022-03-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-404125"
          },
          {
            "date": "2022-04-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-036"
          },
          {
            "date": "2024-11-21T06:28:38.870000",
            "db": "NVD",
            "id": "CVE-2021-43075"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-036"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fortinet FortiWLM Command Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-18538"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-036"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202203-0905

    Vulnerability from variot - Updated: 2024-11-23 22:20

    An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, and version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers. Fortinet FortiWLM contains an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiWLC is a wireless LAN controller from Fortinet. An SQL injection vulnerability exists in Fortinet FortiWLC. The vulnerability stems from insufficient sanitization of user-provided data in the AP monitoring handler. Attackers can use this vulnerability to send specially crafted requests to the affected application and execute arbitrary SQL commands in the application database.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0905",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.2"
          },
          {
            "model": "fortiwlm",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.3"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.4.2"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.4.0"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.2"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.3.2  to"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.4.0  to  8.4.2"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  to  8.6.2"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.0  to  8.5.2"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007384"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43077"
          }
        ]
      },
      "cve": "CVE-2021-43077",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-43077",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-404127",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-43077",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-007384",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-43077",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2021-43077",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-43077",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202203-035",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-404127",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-404127"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007384"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-035"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43077"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43077"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027) in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, and version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers. Fortinet FortiWLM contains an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiWLC is a wireless LAN controller from Fortinet. An SQL injection vulnerability exists in Fortinet FortiWLC. The vulnerability stems from insufficient sanitization of user-provided data in the AP monitoring handler. Attackers can use this vulnerability to send specially crafted requests to the affected application and execute arbitrary SQL commands in the application database.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-43077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007384"
          },
          {
            "db": "VULHUB",
            "id": "VHN-404127"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-43077",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007384",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0864",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022030128",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-035",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-50953",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-404127",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-404127"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007384"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-035"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43077"
          }
        ]
      },
      "id": "VAR-202203-0905",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-404127"
          }
        ],
        "trust": 0.40357142999999995
      },
      "last_update_date": "2024-11-23T22:20:33.808000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-21-189",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-21-189"
          },
          {
            "title": "Fortinet FortiWLM SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184275"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007384"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-035"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-404127"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007384"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43077"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://fortiguard.com/advisory/fg-ir-21-189"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43077"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2021-43077/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022030128"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0864"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-404127"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007384"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-035"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43077"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-404127"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007384"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-035"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43077"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-404127"
          },
          {
            "date": "2023-07-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-007384"
          },
          {
            "date": "2022-03-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-035"
          },
          {
            "date": "2022-03-01T19:15:08.530000",
            "db": "NVD",
            "id": "CVE-2021-43077"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-404127"
          },
          {
            "date": "2023-07-14T02:46:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-007384"
          },
          {
            "date": "2022-04-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-035"
          },
          {
            "date": "2024-11-21T06:28:39.100000",
            "db": "NVD",
            "id": "CVE-2021-43077"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-035"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in Fortinet FortiWLM",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007384"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-035"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202112-0356

    Vulnerability from variot - Updated: 2024-11-23 22:05

    An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to disclose sensitive information from DB tables via crafted requests. Fortinet FortiWLM contains an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FortiWLM is a wireless manager. FortiWLM versions 8.6.1 and below have a security vulnerability that could allow an unauthenticated user to pollute database data and extract sensitive information via crafted HTTP requests sent to the alerts and device handlers. The sources aggregated in this record disagree on the authentication requirement: this text says unauthenticated and the CVSS v2 vectors give Au:N, while the NVD CVSS v3.1 vector gives PR:L, so confirm against the vendor advisory (FG-IR-21-129) when prioritising.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0356",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.1"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.1  and earlier"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015999"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42760"
          }
        ]
      },
      "cve": "CVE-2021-42760",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-42760",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-403822",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-42760",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-015999",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-42760",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2021-42760",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-42760",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202112-527",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-403822",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-403822"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015999"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-527"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42760"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42760"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027) in Fortinet FortiWLM version 8.6.1 and below allows an attacker to disclose sensitive information from DB tables via crafted requests. Fortinet FortiWLM contains an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FortiWLM is a wireless manager. FortiWLM versions 8.6.1 and below have a security vulnerability that could allow an unauthenticated user to pollute database data and extract sensitive information via crafted HTTP requests sent to the alerts and device handlers.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-42760"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015999"
          },
          {
            "db": "VULHUB",
            "id": "VHN-403822"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-42760",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015999",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-527",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4142",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021120722",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-02764",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-403822",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-403822"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015999"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-527"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42760"
          }
        ]
      },
      "id": "VAR-202112-0356",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-403822"
          }
        ],
        "trust": 0.40357142999999995
      },
      "last_update_date": "2024-11-23T22:05:05.879000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-21-129",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-21-129"
          },
          {
            "title": "Fortinet FortiWLM SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173869"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015999"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-527"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-403822"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015999"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42760"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://fortiguard.com/advisory/fg-ir-21-129"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42760"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4142"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021120722"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-403822"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015999"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-527"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42760"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-403822"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015999"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-527"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42760"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-403822"
          },
          {
            "date": "2022-12-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-015999"
          },
          {
            "date": "2021-12-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202112-527"
          },
          {
            "date": "2021-12-08T12:15:07.887000",
            "db": "NVD",
            "id": "CVE-2021-42760"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-403822"
          },
          {
            "date": "2022-12-05T05:54:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-015999"
          },
          {
            "date": "2021-12-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202112-527"
          },
          {
            "date": "2024-11-21T06:28:07.037000",
            "db": "NVD",
            "id": "CVE-2021-42760"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-527"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in Fortinet FortiWLM",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015999"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-527"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202112-0287

    Vulnerability from variot - Updated: 2024-11-23 22:05

    An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to execute malicious JavaScript code on the victim's host via crafted HTTP requests. Fortinet FortiWLM contains a cross-site scripting vulnerability. Information may be obtained and tampered with. FortiWLM is a wireless manager. FortiWLM 8.6.1 and below have a security vulnerability that could allow an authenticated user to perform an XSS attack via a crafted HTTP GET request.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0287",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.1"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.1  and earlier"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016002"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42752"
          }
        ]
      },
      "cve": "CVE-2021-42752",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2021-42752",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-403815",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2021-42752",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-016002",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-42752",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2021-42752",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-42752",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202112-526",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-403815",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-403815"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016002"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-526"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42752"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42752"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiWLM version 8.6.1 and below allows an attacker to execute malicious JavaScript code on the victim\u0027s host via crafted HTTP requests. Fortinet FortiWLM contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. FortiWLM\u2122 is a wireless manager. FortiWLM 8.6.1 and below have a security vulnerability that could allow an authenticated user to perform an XSS attack via a crafted HTTP GET request.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-42752"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016002"
          },
          {
            "db": "VULHUB",
            "id": "VHN-403815"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-42752",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016002",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-526",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4142",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021120722",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-02763",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-403815",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-403815"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016002"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-526"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42752"
          }
        ]
      },
      "id": "VAR-202112-0287",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-403815"
          }
        ],
        "trust": 0.40357142999999995
      },
      "last_update_date": "2024-11-23T22:05:05.853000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-21-111",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-21-111"
          },
          {
            "title": "Fortinet FortiWLM Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173720"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016002"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-526"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-403815"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016002"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42752"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://fortiguard.com/advisory/fg-ir-21-111"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42752"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4142"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021120722"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-403815"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016002"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-526"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42752"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-403815"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016002"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-526"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42752"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-403815"
          },
          {
            "date": "2022-12-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016002"
          },
          {
            "date": "2021-12-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202112-526"
          },
          {
            "date": "2021-12-08T12:15:07.837000",
            "db": "NVD",
            "id": "CVE-2021-42752"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-403815"
          },
          {
            "date": "2022-12-05T05:58:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016002"
          },
          {
            "date": "2021-12-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202112-526"
          },
          {
            "date": "2024-11-21T06:28:05.893000",
            "db": "NVD",
            "id": "CVE-2021-42752"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-526"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fortinet\u00a0FortiWLM\u00a0 Cross-site scripting vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016002"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-526"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202112-0288

    Vulnerability from variot - Updated: 2024-11-23 22:05

    An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to store malicious JavaScript code in the device and trigger it via crafted HTTP requests. Fortinet FortiWLM contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. FortiWLM™ is a wireless manager. FortiWLM 8.6.1 and below have a security vulnerability that could allow an authenticated attacker to perform stored cross-site scripting (XSS) by storing a malicious payload.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0288",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.1"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.1  and earlier"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016004"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41029"
          }
        ]
      },
      "cve": "CVE-2021-41029",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2021-41029",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-402299",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2021-41029",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@fortinet.com",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-41029",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-41029",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-41029",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2021-41029",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-41029",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202112-525",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-402299",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-402299"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-525"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41029"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41029"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiWLM version 8.6.1 and below allows an attacker to store malicious JavaScript code in the device and trigger it via crafted HTTP requests. Fortinet FortiWLM contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. FortiWLM\u2122 is a wireless manager. FortiWLM 8.6.1 and below have a security vulnerability that could allow an authenticated attacker to perform stored cross-site scripting (XSS) by storing a malicious payload.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-41029"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016004"
          },
          {
            "db": "VULHUB",
            "id": "VHN-402299"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-41029",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016004",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-525",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4142",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021120722",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-402299",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-402299"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-525"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41029"
          }
        ]
      },
      "id": "VAR-202112-0288",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-402299"
          }
        ],
        "trust": 0.40357142999999995
      },
      "last_update_date": "2024-11-23T22:05:05.828000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-21-114",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-21-114"
          },
          {
            "title": "Fortinet FortiWLM Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173719"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-525"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-402299"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016004"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41029"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://fortiguard.com/advisory/fg-ir-21-114"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41029"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4142"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021120722"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-402299"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-525"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41029"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-402299"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-525"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41029"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-402299"
          },
          {
            "date": "2022-12-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016004"
          },
          {
            "date": "2021-12-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202112-525"
          },
          {
            "date": "2021-12-08T12:15:07.787000",
            "db": "NVD",
            "id": "CVE-2021-41029"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-402299"
          },
          {
            "date": "2022-12-05T06:01:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016004"
          },
          {
            "date": "2021-12-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202112-525"
          },
          {
            "date": "2024-11-21T06:25:18.400000",
            "db": "NVD",
            "id": "CVE-2021-41029"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-525"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fortinet\u00a0FortiWLM\u00a0 Cross-site scripting vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016004"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-525"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202310-2004

    Vulnerability from variot - Updated: 2024-08-14 15:41

    An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. Fortinet's FortiWLM contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiWLM is a wireless manager from the American company Fortinet.

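    Fortinet FortiWLM has a command execution vulnerability. The vulnerability is caused by the application's failure to properly filter special characters, commands, etc. in constructed commands. In the record below, NVD's CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N) gives a base score of 8.8 and indicates that exploitation is over the network and requires a low-privileged account; the vendor advisory listed under "patch" is FG-IR-23-141.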


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-2004",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.0  to  8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  to  8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "fortinet",
            "version": "8.6.0,\u003c=8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "fortinet",
            "version": "8.5.0,\u003c=8.5.4"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-98190"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014134"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34986"
          }
        ]
      },
      "cve": "CVE-2023-34986",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2023-98190",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-34986",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-34986",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-34986",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2023-34986",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-34986",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-98190",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-98190"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014134"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34986"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34986"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. fortinet\u0027s FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiWLM is a wireless manager from the American company Fortinet. \n\r\n\r\nFortinet FortiWLM has a command execution vulnerability. The vulnerability is caused by the application\u0027s failure to properly filter special characters, commands, etc. in constructed commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-34986"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014134"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-98190"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-34986",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014134",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-98190",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-98190"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014134"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34986"
          }
        ]
      },
      "id": "VAR-202310-2004",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-98190"
          }
        ],
        "trust": 0.90357143
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-98190"
          }
        ]
      },
      "last_update_date": "2024-08-14T15:41:30.727000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-23-141",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-23-141"
          },
          {
            "title": "Patch for Fortinet FortiSIEM command execution vulnerability (CNVD-2023-98190)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/497416"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-98190"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014134"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014134"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34986"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-34986"
          },
          {
            "trust": 1.0,
            "url": "https://fortiguard.com/psirt/fg-ir-23-141"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-98190"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014134"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34986"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-98190"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014134"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34986"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-98190"
          },
          {
            "date": "2023-12-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014134"
          },
          {
            "date": "2023-10-10T17:15:11.343000",
            "db": "NVD",
            "id": "CVE-2023-34986"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-98190"
          },
          {
            "date": "2023-12-22T07:34:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014134"
          },
          {
            "date": "2023-11-07T04:15:51.533000",
            "db": "NVD",
            "id": "CVE-2023-34986"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiWLM\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014134"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202310-2208

    Vulnerability from variot - Updated: 2024-08-14 15:36

    An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. Fortinet's FortiWLM contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). In the record below, NVD's CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) gives a base score of 9.8 and indicates that exploitation is over the network and requires no privileges; the vendor advisory listed under "patch" is FG-IR-23-140.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-2208",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.0  to  8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  to  8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014127"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36547"
          }
        ]
      },
      "cve": "CVE-2023-36547",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-36547",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-36547",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-36547",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2023-36547",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-36547",
                "trust": 0.8,
                "value": "Critical"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014127"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36547"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36547"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. fortinet\u0027s FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-36547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014127"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-36547",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014127",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014127"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36547"
          }
        ]
      },
      "id": "VAR-202310-2208",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.30357143
      },
      "last_update_date": "2024-08-14T15:36:42.796000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-23-140",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-23-140"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014127"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014127"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36547"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://fortiguard.com/psirt/fg-ir-23-140"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36547"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014127"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36547"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014127"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36547"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014127"
          },
          {
            "date": "2023-10-10T17:15:11.827000",
            "db": "NVD",
            "id": "CVE-2023-36547"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-22T07:23:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014127"
          },
          {
            "date": "2023-11-07T04:16:36.957000",
            "db": "NVD",
            "id": "CVE-2023-36547"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiWLM\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014127"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202310-2211

    Vulnerability from variot - Updated: 2024-08-14 14:48

    An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. Fortinet's FortiWLM contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The record below lists an NVD CVSS 3.1 base score of 8.8 (HIGH) with low privileges required, and Fortinet advisory FG-IR-23-141 as the patch reference.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-2211",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.0  to  8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  to  8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014131"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34988"
          }
        ]
      },
      "cve": "CVE-2023-34988",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-34988",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-34988",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-34988",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2023-34988",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-34988",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014131"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34988"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34988"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. fortinet\u0027s FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-34988"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014131"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-34988",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014131",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014131"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34988"
          }
        ]
      },
      "id": "VAR-202310-2211",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.30357143
      },
      "last_update_date": "2024-08-14T14:48:48.664000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-23-141",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-23-141"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014131"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014131"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34988"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://fortiguard.com/psirt/fg-ir-23-141"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-34988"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014131"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34988"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014131"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34988"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014131"
          },
          {
            "date": "2023-10-10T17:15:11.463000",
            "db": "NVD",
            "id": "CVE-2023-34988"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-22T07:31:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014131"
          },
          {
            "date": "2023-11-07T04:15:51.850000",
            "db": "NVD",
            "id": "CVE-2023-34988"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiWLM\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014131"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202310-1793

    Vulnerability from variot - Updated: 2024-08-14 14:36

    An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. Fortinet's FortiWLM contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The record below lists an NVD CVSS 3.1 base score of 8.8 (HIGH) with low privileges required, and Fortinet advisory FG-IR-23-141 as the patch reference.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-1793",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.0  to  8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  to  8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014132"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34987"
          }
        ]
      },
      "cve": "CVE-2023-34987",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-34987",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-34987",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-34987",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2023-34987",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-34987",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014132"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34987"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34987"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. fortinet\u0027s FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-34987"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014132"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-34987",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014132",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014132"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34987"
          }
        ]
      },
      "id": "VAR-202310-1793",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.30357143
      },
      "last_update_date": "2024-08-14T14:36:33.644000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-23-141",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-23-141"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014132"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014132"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34987"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://fortiguard.com/psirt/fg-ir-23-141"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-34987"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014132"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34987"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014132"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34987"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014132"
          },
          {
            "date": "2023-10-10T17:15:11.403000",
            "db": "NVD",
            "id": "CVE-2023-34987"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-22T07:33:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014132"
          },
          {
            "date": "2023-11-07T04:15:51.707000",
            "db": "NVD",
            "id": "CVE-2023-34987"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiWLM\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014132"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202310-1898

    Vulnerability from variot - Updated: 2024-08-14 14:36

    An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. Fortinet's FortiWLM contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-1898",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.0  to  8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  to  8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014125"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36549"
          }
        ]
      },
      "cve": "CVE-2023-36549",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-36549",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@fortinet.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-36549",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-36549",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-36549",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2023-36549",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-36549",
                "trust": 0.8,
                "value": "Critical"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014125"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36549"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36549"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. fortinet\u0027s FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-36549"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014125"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-36549",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014125",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014125"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36549"
          }
        ]
      },
      "id": "VAR-202310-1898",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.30357143
      },
      "last_update_date": "2024-08-14T14:36:33.572000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-23-140",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-23-140"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014125"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014125"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36549"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://fortiguard.com/psirt/fg-ir-23-140"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36549"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014125"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36549"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014125"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36549"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014125"
          },
          {
            "date": "2023-10-10T17:15:11.953000",
            "db": "NVD",
            "id": "CVE-2023-36549"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-22T07:20:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014125"
          },
          {
            "date": "2023-11-07T04:16:37.207000",
            "db": "NVD",
            "id": "CVE-2023-36549"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiWLM\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014125"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202310-2003

    Vulnerability from variot - Updated: 2024-08-14 14:36

    An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. Fortinet's FortiWLM contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-2003",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.0  to  8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  to  8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014126"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36548"
          }
        ]
      },
      "cve": "CVE-2023-36548",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-36548",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-36548",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-36548",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2023-36548",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-36548",
                "trust": 0.8,
                "value": "Critical"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014126"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36548"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36548"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. fortinet\u0027s FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-36548"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014126"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-36548",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014126",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014126"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36548"
          }
        ]
      },
      "id": "VAR-202310-2003",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.30357143
      },
      "last_update_date": "2024-08-14T14:36:33.501000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-23-140",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-23-140"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014126"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014126"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36548"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://fortiguard.com/psirt/fg-ir-23-140"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36548"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014126"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36548"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014126"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36548"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014126"
          },
          {
            "date": "2023-10-10T17:15:11.890000",
            "db": "NVD",
            "id": "CVE-2023-36548"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-22T07:22:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014126"
          },
          {
            "date": "2023-11-07T04:16:37.043000",
            "db": "NVD",
            "id": "CVE-2023-36548"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiWLM\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014126"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202310-2612

    Vulnerability from variot - Updated: 2024-08-14 14:36

    An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. Fortinet's FortiWLM contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-2612",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.0  to  8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  to  8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014124"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36550"
          }
        ]
      },
      "cve": "CVE-2023-36550",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-36550",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-36550",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-36550",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2023-36550",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-36550",
                "trust": 0.8,
                "value": "Critical"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014124"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36550"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36550"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. fortinet\u0027s FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-36550"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014124"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-36550",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014124",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014124"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36550"
          }
        ]
      },
      "id": "VAR-202310-2612",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.30357143
      },
      "last_update_date": "2024-08-14T14:36:33.067000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-23-140",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-23-140"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014124"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014124"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36550"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://fortiguard.com/psirt/fg-ir-23-140"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36550"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014124"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36550"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014124"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36550"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014124"
          },
          {
            "date": "2023-10-10T17:15:12.017000",
            "db": "NVD",
            "id": "CVE-2023-36550"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-22T07:19:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014124"
          },
          {
            "date": "2023-11-07T04:16:37.370000",
            "db": "NVD",
            "id": "CVE-2023-36550"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiWLM\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014124"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202311-1151

    Vulnerability from variot - Updated: 2024-08-14 14:36

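    A relative path traversal vulnerability in Fortinet FortiWLM versions 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.4.2 through 8.4.0, 8.3.2 through 8.3.0, and 8.2.2 allows an attacker to read arbitrary files via crafted HTTP requests. Note that the affected_products data in the record below lists an upper ("lte") bound of 8.6.6 rather than 8.6.5, so confirm the fixed release against the vendor advisory (fg-ir-23-143) listed in the record's references before treating an 8.6.x deployment as unaffected.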


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202311-1151",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.6"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.1"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.0"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.4.1"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.4.0"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.3.2"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.4.2"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.2.2"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-42783"
          }
        ]
      },
      "cve": "CVE-2023-42783",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-42783",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-42783",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2023-42783",
                "trust": 1.0,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-42783"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-42783"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows attacker to read arbitrary files via crafted http requests.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-42783"
          }
        ],
        "trust": 1.0
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-42783",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-42783"
          }
        ]
      },
      "id": "VAR-202311-1151",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.30357143
      },
      "last_update_date": "2024-08-14T14:36:31.951000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-23",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-42783"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://fortiguard.com/psirt/fg-ir-23-143"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-42783"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-42783"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-11-14T18:15:53.853000",
            "db": "NVD",
            "id": "CVE-2023-42783"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-11-18T03:28:03.087000",
            "db": "NVD",
            "id": "CVE-2023-42783"
          }
        ]
      }
    }

    VAR-202111-0313

    Vulnerability from variot - Updated: 2024-08-14 14:31

    An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Fortinet FortiWLM version 8.6.1 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. An OS command injection vulnerability exists in Fortinet FortiWLM. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiWLC is a wireless LAN controller from Fortinet. The NVD CVSS v3.1 vector in the record below (PR:L) indicates that exploitation requires low-privileged authenticated access, so restricting and auditing accounts on the management interface reduces exposure until the product is upgraded.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-0313",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.2.2"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.1"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.1  and earlier"
          },
          {
            "model": "fortiwlc",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fortinet",
            "version": "\u003c=8.6.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-84257"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014535"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36185"
          }
        ]
      },
      "cve": "CVE-2021-36185",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-36185",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2021-84257",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-398004",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-36185",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-014535",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-36185",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2021-36185",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-36185",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-84257",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-335",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-398004",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-36185",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-84257"
          },
          {
            "db": "VULHUB",
            "id": "VHN-398004"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-335"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36185"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36185"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) in Fortinet FortiWLM version 8.6.1 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. Fortinet FortiWLM contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiWLC is a wireless LAN controller from Fortinet.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-36185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014535"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-84257"
          },
          {
            "db": "VULHUB",
            "id": "VHN-398004"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36185"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-36185",
            "trust": 4.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014535",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-335",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-84257",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021120918",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-398004",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36185",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-84257"
          },
          {
            "db": "VULHUB",
            "id": "VHN-398004"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-335"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36185"
          }
        ]
      },
      "id": "VAR-202111-0313",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-84257"
          },
          {
            "db": "VULHUB",
            "id": "VHN-398004"
          }
        ],
        "trust": 1.1466260149999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-84257"
          }
        ]
      },
      "last_update_date": "2024-08-14T14:31:31.608000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-21-110",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-21-110"
          },
          {
            "title": "Patch for Fortinet FortiWLM has unspecified vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/296836"
          },
          {
            "title": "Fortinet FortiWLC Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=169477"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-84257"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-335"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-398004"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014535"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36185"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36185"
          },
          {
            "trust": 1.8,
            "url": "https://fortiguard.com/advisory/fg-ir-21-110"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021120918"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-84257"
          },
          {
            "db": "VULHUB",
            "id": "VHN-398004"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-335"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36185"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-84257"
          },
          {
            "db": "VULHUB",
            "id": "VHN-398004"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-335"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36185"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-84257"
          },
          {
            "date": "2021-11-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-398004"
          },
          {
            "date": "2021-11-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-36185"
          },
          {
            "date": "2022-10-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-014535"
          },
          {
            "date": "2021-11-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-335"
          },
          {
            "date": "2021-11-02T19:15:07.920000",
            "db": "NVD",
            "id": "CVE-2021-36185"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-84257"
          },
          {
            "date": "2021-11-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-398004"
          },
          {
            "date": "2021-11-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-36185"
          },
          {
            "date": "2022-10-20T04:37:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-014535"
          },
          {
            "date": "2021-12-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-335"
          },
          {
            "date": "2021-11-04T13:58:34.310000",
            "db": "NVD",
            "id": "CVE-2021-36185"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-335"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OS command injection vulnerability in Fortinet FortiWLM",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014535"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-335"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-0307

    Vulnerability from variot - Updated: 2024-08-14 14:31

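    An improper neutralization of special elements used in an SQL command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to disclose device, user and database information via crafted HTTP requests. Fortinet FortiWLM contains an SQL injection vulnerability. Information may be obtained. Fortinet FortiWLC is a wireless LAN controller from Fortinet. Note that the record below carries two CVSS v3.1 assessments for CVE-2021-36184: 6.5 (MEDIUM, confidentiality impact only) from nvd@nist.gov and 8.8 (HIGH, with high confidentiality, integrity and availability impact) from psirt@fortinet.com.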


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-0307",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.2.2"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.1"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.1  and earlier"
          },
          {
            "model": "fortiwlc",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fortinet",
            "version": "\u003c=8.6.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-84256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014567"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36184"
          }
        ]
      },
      "cve": "CVE-2021-36184",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-36184",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2021-84256",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-398003",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-36184",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@fortinet.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-36184",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-36184",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-36184",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2021-36184",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-36184",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-84256",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-336",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-398003",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-84256"
          },
          {
            "db": "VULHUB",
            "id": "VHN-398003"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-336"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36184"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36184"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An improper neutralization of special elements used in an SQL command (\u0027SQL Injection\u0027) in Fortinet FortiWLM version 8.6.1 and below allows an attacker to disclose device, user and database information via crafted HTTP requests. Fortinet FortiWLM contains an SQL injection vulnerability. Information may be obtained. Fortinet FortiWLC is a wireless LAN controller from Fortinet.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-36184"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014567"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-84256"
          },
          {
            "db": "VULHUB",
            "id": "VHN-398003"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-36184",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014567",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-336",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-84256",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021120918",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-398003",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-84256"
          },
          {
            "db": "VULHUB",
            "id": "VHN-398003"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-336"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36184"
          }
        ]
      },
      "id": "VAR-202111-0307",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-84256"
          },
          {
            "db": "VULHUB",
            "id": "VHN-398003"
          }
        ],
        "trust": 1.1466260149999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-84256"
          }
        ]
      },
      "last_update_date": "2024-08-14T14:31:31.576000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-21-107",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-21-107"
          },
          {
            "title": "Patch for Fortinet FortiWLM SQL injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/296831"
          },
          {
            "title": "Fortinet FortiWLC SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=169637"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-84256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-336"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-398003"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014567"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36184"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36184"
          },
          {
            "trust": 1.7,
            "url": "https://fortiguard.com/advisory/fg-ir-21-107"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021120918"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-84256"
          },
          {
            "db": "VULHUB",
            "id": "VHN-398003"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-336"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36184"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-84256"
          },
          {
            "db": "VULHUB",
            "id": "VHN-398003"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-336"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36184"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-84256"
          },
          {
            "date": "2021-11-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-398003"
          },
          {
            "date": "2022-10-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-014567"
          },
          {
            "date": "2021-11-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-336"
          },
          {
            "date": "2021-11-02T19:15:07.873000",
            "db": "NVD",
            "id": "CVE-2021-36184"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-84256"
          },
          {
            "date": "2021-11-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-398003"
          },
          {
            "date": "2022-10-20T07:50:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-014567"
          },
          {
            "date": "2021-12-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-336"
          },
          {
            "date": "2021-11-04T14:36:17.723000",
            "db": "NVD",
            "id": "CVE-2021-36184"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-336"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fortinet\u00a0FortiWLM\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014567"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-336"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202311-1591

    Vulnerability from variot - Updated: 2024-08-14 14:09

    An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiWLM versions 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.4.0 through 8.4.2, 8.3.0 through 8.3.2, and 8.2.2 allows an attacker to execute unauthorized code or commands via a crafted HTTP request. Fortinet FortiWLM is a wireless manager from the American company Fortinet.

    Fortinet FortiWLM has a SQL injection vulnerability, which results from the application failing to validate externally supplied input used in SQL statements.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202311-1591",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "fortinet",
            "version": "8.2.2"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "fortinet",
            "version": "8.4.2"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "fortinet",
            "version": "8.4.1"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "fortinet",
            "version": "8.4.0"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "fortinet",
            "version": "8.3.2"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "fortinet",
            "version": "8.3.1"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "fortinet",
            "version": "8.3.0"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "fortinet",
            "version": "8.6.0,\u003c=8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "fortinet",
            "version": "8.5.0,\u003c=8.5.4"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-13757"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34991"
          }
        ]
      },
      "cve": "CVE-2023-34991",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2024-13757",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-34991",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-34991",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2023-34991",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-13757",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-13757"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34991"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34991"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request. Fortinet FortiWLM is a wireless manager from the American company Fortinet. \n\r\n\r\nFortinet FortiWLM has a SQL injection vulnerability, which results from the application\u0027s lack of validation of externally input SQL statements",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-34991"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-13757"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-34991",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-13757",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-13757"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34991"
          }
        ]
      },
      "id": "VAR-202311-1591",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-13757"
          }
        ],
        "trust": 0.90357143
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-13757"
          }
        ]
      },
      "last_update_date": "2024-08-14T14:09:40.674000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Fortinet FortiWLM SQL injection vulnerability (CNVD-2024-13757)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/534421"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-13757"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-34991"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://fortiguard.com/psirt/fg-ir-23-142"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-34991"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-13757"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34991"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-13757"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34991"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-03-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-13757"
          },
          {
            "date": "2023-11-14T18:15:30.443000",
            "db": "NVD",
            "id": "CVE-2023-34991"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-03-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-13757"
          },
          {
            "date": "2023-11-20T17:19:37.650000",
            "db": "NVD",
            "id": "CVE-2023-34991"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fortinet FortiWLM SQL injection vulnerability (CNVD-2024-13757)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-13757"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202312-2353

    Vulnerability from variot - Updated: 2024-08-14 14:09

    An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWLM versions 8.6.0 through 8.6.5 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. Fortinet's FortiWLM contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202312-2353",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  to  8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020026"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-48782"
          }
        ]
      },
      "cve": "CVE-2023-48782",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-48782",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-48782",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-48782",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2023-48782",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-48782",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020026"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-48782"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-48782"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. fortinet\u0027s FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-48782"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020026"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-48782",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020026",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020026"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-48782"
          }
        ]
      },
      "id": "VAR-202312-2353",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.30357143
      },
      "last_update_date": "2024-08-14T14:09:37.928000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-23-450",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-23-450"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020026"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020026"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-48782"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://fortiguard.com/psirt/fg-ir-23-450"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-48782"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020026"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-48782"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020026"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-48782"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-020026"
          },
          {
            "date": "2023-12-13T07:15:27.480000",
            "db": "NVD",
            "id": "CVE-2023-48782"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-15T07:38:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-020026"
          },
          {
            "date": "2023-12-15T20:01:55.773000",
            "db": "NVD",
            "id": "CVE-2023-48782"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiWLM\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020026"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202310-1901

    Vulnerability from variot - Updated: 2024-08-14 13:41

    An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. Fortinet's FortiWLM contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The record below tracks this issue as CVE-2023-34985 (CVSS 3.1 base score 8.8, low privileges required) and references vendor advisory FG-IR-23-141.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-1901",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.0  to  8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  to  8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014136"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34985"
          }
        ]
      },
      "cve": "CVE-2023-34985",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-34985",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-34985",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-34985",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2023-34985",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-34985",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014136"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34985"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34985"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. fortinet\u0027s FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-34985"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014136"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-34985",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014136",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014136"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34985"
          }
        ]
      },
      "id": "VAR-202310-1901",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.30357143
      },
      "last_update_date": "2024-08-14T13:41:26.287000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-23-141",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-23-141"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014136"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014136"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34985"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://fortiguard.com/psirt/fg-ir-23-141"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-34985"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014136"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34985"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014136"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34985"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014136"
          },
          {
            "date": "2023-10-10T17:15:11.283000",
            "db": "NVD",
            "id": "CVE-2023-34985"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-22T07:36:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014136"
          },
          {
            "date": "2023-11-07T04:15:51.367000",
            "db": "NVD",
            "id": "CVE-2023-34985"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiWLM\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014136"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202310-2615

    Vulnerability from variot - Updated: 2024-08-14 13:41

    An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. Fortinet's FortiWLM contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The record below tracks this issue as CVE-2023-34989 (CVSS 3.1 base score 8.8, low privileges required) and references vendor advisory FG-IR-23-141.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-2615",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.0  to  8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  to  8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014129"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34989"
          }
        ]
      },
      "cve": "CVE-2023-34989",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-34989",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-34989",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-34989",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2023-34989",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-34989",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014129"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34989"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34989"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. fortinet\u0027s FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-34989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014129"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-34989",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014129",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014129"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34989"
          }
        ]
      },
      "id": "VAR-202310-2615",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.30357143
      },
      "last_update_date": "2024-08-14T13:41:25.766000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-23-141",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-23-141"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014129"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014129"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34989"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://fortiguard.com/psirt/fg-ir-23-141"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-34989"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014129"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34989"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014129"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34989"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014129"
          },
          {
            "date": "2023-10-10T17:15:11.520000",
            "db": "NVD",
            "id": "CVE-2023-34989"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-22T07:28:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014129"
          },
          {
            "date": "2023-11-07T04:15:52.007000",
            "db": "NVD",
            "id": "CVE-2023-34989"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiWLM\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014129"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202310-1792

    Vulnerability from variot - Updated: 2024-08-14 13:19

    An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. Fortinet's FortiWLM contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-1792",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.0"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fortinet",
            "version": "8.5.0"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.5.0  to  8.5.4"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": "8.6.0  to  8.6.5"
          },
          {
            "model": "fortiwlm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014128"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34993"
          }
        ]
      },
      "cve": "CVE-2023-34993",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-34993",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-34993",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-34993",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "psirt@fortinet.com",
                "id": "CVE-2023-34993",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-34993",
                "trust": 0.8,
                "value": "Critical"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014128"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34993"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34993"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. fortinet\u0027s FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-34993"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014128"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-34993",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014128",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014128"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34993"
          }
        ]
      },
      "id": "VAR-202310-1792",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.30357143
      },
      "last_update_date": "2024-08-14T13:19:41.879000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FG-IR-23-140",
            "trust": 0.8,
            "url": "https://www.fortiguard.com/psirt/FG-IR-23-140"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014128"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014128"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34993"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://fortiguard.com/psirt/fg-ir-23-140"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-34993"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014128"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34993"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014128"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-34993"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014128"
          },
          {
            "date": "2023-10-10T17:15:11.670000",
            "db": "NVD",
            "id": "CVE-2023-34993"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-22T07:25:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014128"
          },
          {
            "date": "2023-11-07T04:15:52.320000",
            "db": "NVD",
            "id": "CVE-2023-34993"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "fortinet\u0027s \u00a0FortiWLM\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014128"
          }
        ],
        "trust": 0.8
      }
    }

    CERTFR-2024-AVI-1096

    Vulnerability from certfr_avis - Published: 2024-12-19 - Updated: 2024-12-19

    De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    L'éditeur indique que les correctifs concernant la vulnérabilité CVE-2024-50570 pour FortiClientLinux 7.0.14, 7.2.8 et 7.4.3 ne sont pas encore disponibles.

    Impacted products
    Vendor Product Description
    Fortinet FortiWLM FortiWLM versions 8.6.x antérieures à 8.6.6
    Fortinet FortiClient FortiClientWindows 7.4.x versions antérieures à 7.4.2
    Fortinet FortiManager FortiManager versions 7.4.x antérieures à 7.4.5
    Fortinet FortiManager FortiManager Cloud versions postérieures à 7.0.1 et antérieures à 7.0.13
    Fortinet FortiManager FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.8
    Fortinet FortiClient FortiClientLinux 7.4.x versions antérieures à 7.4.3
    Fortinet FortiClient FortiClientWindows 7.0.x versions antérieures à 7.0.14
    Fortinet FortiManager FortiManager versions postérieures à 6.4.10 et antérieures à 6.4.15
    Fortinet FortiClient FortiClientLinux 7.2.x versions antérieures à 7.2.8
    Fortinet FortiManager FortiManager versions 7.6.x antérieures à 7.6.1
    Fortinet FortiWLM FortiWLM versions 8.5.x antérieures à 8.5.5
    Fortinet FortiManager FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.5
    Fortinet FortiClient FortiClientLinux 7.0.x versions antérieures à 7.0.14
    Fortinet FortiManager FortiManager versions postérieures à 7.0.5 et antérieures à 7.0.13
    Fortinet FortiClient FortiClientWindows 7.2.x versions antérieures à 7.2.7
    Fortinet FortiManager FortiManager versions postérieures à 7.2.3 et antérieures à 7.2.8
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiWLM versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
          "product": {
            "name": "FortiWLM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientWindows 7.4.x versions ant\u00e9rieures \u00e0 7.4.2",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.13",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.8",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientLinux 7.4.x versions ant\u00e9rieures \u00e0 7.4.3",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientWindows 7.0.x versions ant\u00e9rieures \u00e0 7.0.14",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions post\u00e9rieures \u00e0 6.4.10 et ant\u00e9rieures \u00e0 6.4.15",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientLinux 7.2.x versions ant\u00e9rieures \u00e0 7.2.8",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWLM versions 8.5.x ant\u00e9rieures \u00e0 8.5.5",
          "product": {
            "name": "FortiWLM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.5",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientLinux 7.0.x versions ant\u00e9rieures \u00e0 7.0.14",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions post\u00e9rieures \u00e0 7.0.5 et ant\u00e9rieures \u00e0 7.0.13",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientWindows 7.2.x versions ant\u00e9rieures \u00e0 7.2.7",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions post\u00e9rieures \u00e0 7.2.3 et ant\u00e9rieures \u00e0 7.2.8",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "L\u0027\u00e9diteur indique que les correctifs concernant la vuln\u00e9rabilit\u00e9 CVE-2024-50570 pour FortiClientLinux 7.0.14, 7.2.8 et 7.4.3  ne sont pas encore disponibles.",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2023-34990",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-34990"
        },
        {
          "name": "CVE-2024-50570",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50570"
        },
        {
          "name": "CVE-2024-48889",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-48889"
        }
      ],
      "initial_release_date": "2024-12-19T00:00:00",
      "last_revision_date": "2024-12-19T00:00:00",
      "links": [],
      "reference": "CERTFR-2024-AVI-1096",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-12-19T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2024-12-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-425",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-425"
        },
        {
          "published_at": "2024-12-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-278",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-278"
        },
        {
          "published_at": "2024-12-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-144",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-144"
        }
      ]
    }

    CVE-2023-34990 (GCVE-0-2023-34990)

    Vulnerability from nvd – Published: 2024-12-18 12:44 – Updated: 2024-12-20 04:55
    VLAI
    Summary
    A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specially crafted web requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 (Relative Path Traversal) - Execute unauthorized code or commands
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiWLM Affected: 8.6.0 , ≤ 8.6.5 (semver)
    Affected: 8.5.0 , ≤ 8.5.4 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34990",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-19T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T04:55:50.572Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiWLM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.6.5",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.4",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T12:44:38.664Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-144",
              "url": "https://fortiguard.com/psirt/FG-IR-23-144"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiWLM version 8.6.6 or above \nPlease upgrade to FortiWLM version 8.5.5 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-34990",
        "datePublished": "2024-12-18T12:44:38.664Z",
        "dateReserved": "2023-06-09T06:59:37.970Z",
        "dateUpdated": "2024-12-20T04:55:50.572Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48782 (GCVE-0-2023-48782)

    Vulnerability from nvd – Published: 2023-12-13 06:37 – Updated: 2026-02-25 16:12
    VLAI
    Summary
    An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 (OS Command Injection) - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiWLM Affected: 8.6.0 , ≤ 8.6.5 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:37:55.001Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-23-450",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-23-450"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-48782",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-14T05:00:12.301524Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T16:12:50.714Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiWLM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.6.5",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-13T06:37:42.217Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-450",
              "url": "https://fortiguard.com/psirt/FG-IR-23-450"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiWLM version 8.6.6 or above \nPlease upgrade to FortiWLM version 8.5.5 or above \n"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-48782",
        "datePublished": "2023-12-13T06:37:42.217Z",
        "dateReserved": "2023-11-19T19:58:38.554Z",
        "dateUpdated": "2026-02-25T16:12:50.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-42783 (GCVE-0-2023-42783)

    Vulnerability from nvd – Published: 2023-11-14 18:04 – Updated: 2024-08-30 18:27
    VLAI
    Summary
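    A relative path traversal in Fortinet FortiWLM versions 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.4.0 through 8.4.2, 8.3.0 through 8.3.2, and 8.2.2 allows an attacker to read arbitrary files via crafted HTTP requests. (Note: the structured version data in this record lists 8.6.0 through 8.6.6 as affected, while this description stops at 8.6.5 and the listed solution is an upgrade to 8.6.6 or above; confirm the fixed build against the vendor advisory.)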
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiWLM Affected: 8.6.0 , ≤ 8.6.6 (semver)
    Affected: 8.5.0 , ≤ 8.5.4 (semver)
    Affected: 8.4.0 , ≤ 8.4.2 (semver)
    Affected: 8.3.0 , ≤ 8.3.2 (semver)
    Affected: 8.2.2
    fortinet fortiwlm Affected: 8.2.2
    Affected: 8.3.0 , ≤ 8.3.2 (semver)
    Affected: 8.4.0 , ≤ 8.4.2 (semver)
    Affected: 8.5.0 , ≤ 8.5.4 (semver)
    Affected: 8.6.0 , ≤ 8.6.6 (semver)
        cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:30:24.337Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-23-143",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-23-143"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fortiwlm",
                "vendor": "fortinet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.2.2"
                  },
                  {
                    "lessThanOrEqual": "8.3.2",
                    "status": "affected",
                    "version": "8.3.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "8.4.2",
                    "status": "affected",
                    "version": "8.4.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "8.5.4",
                    "status": "affected",
                    "version": "8.5.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "8.6.6",
                    "status": "affected",
                    "version": "8.6.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42783",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-30T18:22:55.290862Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-30T18:27:39.061Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiWLM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.6.6",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.4",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.2",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.2",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "8.2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows attacker to read arbitrary files via crafted http requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-14T18:04:50.699Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-143",
              "url": "https://fortiguard.com/psirt/FG-IR-23-143"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiWLM version 8.6.6 or above \nPlease upgrade to FortiWLM version 8.5.5 or above \n"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-42783",
        "datePublished": "2023-11-14T18:04:50.699Z",
        "dateReserved": "2023-09-14T08:37:38.656Z",
        "dateUpdated": "2024-08-30T18:27:39.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34991 (GCVE-0-2023-34991)

    Vulnerability from nvd – Published: 2023-11-14 18:07 – Updated: 2025-12-16 18:23
    VLAI
    Summary
    An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM versions 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.4.0 through 8.4.2, 8.3.0 through 8.3.2, and 8.2.2 allows an attacker to execute unauthorized code or commands via a crafted HTTP request.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiWLM Affected: 8.6.0 , ≤ 8.6.5 (semver)
    Affected: 8.5.0 , ≤ 8.5.4 (semver)
    Affected: 8.4.0 , ≤ 8.4.2 (semver)
    Affected: 8.3.0 , ≤ 8.3.2 (semver)
    Affected: 8.2.2

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:17:04.270Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-23-142",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-23-142"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34991",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-15T14:59:14.045632Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-16T18:23:21.749Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiWLM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.6.5",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.4",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.2",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.2",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "8.2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-14T18:07:32.529Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-142",
              "url": "https://fortiguard.com/psirt/FG-IR-23-142"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiWLM version 8.6.6 or above \nPlease upgrade to FortiWLM version 8.5.5 or above \n"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-34991",
        "datePublished": "2023-11-14T18:07:32.529Z",
        "dateReserved": "2023-06-09T06:59:37.970Z",
        "dateUpdated": "2025-12-16T18:23:21.749Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-34990 (GCVE-0-2023-34990)

    Vulnerability from cvelistv5 – Published: 2024-12-18 12:44 – Updated: 2024-12-20 04:55
    VLAI
    Summary
    A relative path traversal in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specially crafted web requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Execute unauthorized code or commands
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiWLM Affected: 8.6.0 , ≤ 8.6.5 (semver)
    Affected: 8.5.0 , ≤ 8.5.4 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34990",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-19T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T04:55:50.572Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiWLM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.6.5",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.4",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T12:44:38.664Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-144",
              "url": "https://fortiguard.com/psirt/FG-IR-23-144"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiWLM version 8.6.6 or above \nPlease upgrade to FortiWLM version 8.5.5 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-34990",
        "datePublished": "2024-12-18T12:44:38.664Z",
        "dateReserved": "2023-06-09T06:59:37.970Z",
        "dateUpdated": "2024-12-20T04:55:50.572Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48782 (GCVE-0-2023-48782)

    Vulnerability from cvelistv5 – Published: 2023-12-13 06:37 – Updated: 2026-02-25 16:12
    VLAI
    Summary
    An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiWLM Affected: 8.6.0 , ≤ 8.6.5 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:37:55.001Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-23-450",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-23-450"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-48782",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-14T05:00:12.301524Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T16:12:50.714Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiWLM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.6.5",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-13T06:37:42.217Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-450",
              "url": "https://fortiguard.com/psirt/FG-IR-23-450"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiWLM version 8.6.6 or above \nPlease upgrade to FortiWLM version 8.5.5 or above \n"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-48782",
        "datePublished": "2023-12-13T06:37:42.217Z",
        "dateReserved": "2023-11-19T19:58:38.554Z",
        "dateUpdated": "2026-02-25T16:12:50.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }