A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via crafted API requests.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Fortinet
  • Fortisiem

Configuration 1 [-]

OR cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:7.0.0:*:*:*:*:*:*:*

No data.

References
Link Providers
https://fortiguard.com/psirt/FG-IR-23-130 cve-icon cve-icon
History

Wed, 14 Jan 2026 14:00:00 +0000

Type Values Removed Values Added
Description A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests. A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via crafted API requests.
CPEs cpe:2.3:a:fortinet:fortisiem:6.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.6.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.7.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.7.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.7.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.7.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.7.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.7.5:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X'}

 cvssV3_1

{'score': 9.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:X/RC:X'}

Wed, 17 Dec 2025 05:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'Yes', 'Exploitation': 'None', 'Technical Impact': 'Total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.78472}

 epss

{'score': 0.78868}

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.77157}

 epss

{'score': 0.78472}
cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2023-10-10T16:50:21.319Z

Updated: 2026-01-14T13:47:28.151Z

Reserved: 2023-06-09T06:59:37.971Z

Link: CVE-2023-34992

cve-icon Vulnrichment

Updated: 2024-08-02T16:17:04.307Z

cve-icon NVD

Status : Modified

Published: 2023-10-10T17:15:11.607

Modified: 2026-01-14T14:16:07.900

Link: CVE-2023-34992

cve-icon Redhat

No data.