CVE-2023-34992

CVE Database · CVE-2023-34992

CVE-2023-34992

· CRITICALModified

CVSS v3.1

10.0

EPSS

65.51%

Published

Oct 10, 2023

Modified

Jan 14, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via crafted API requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78CWE-78

Affected Products (8)

fortinet · fortisiemvulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-23-130

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-23-130

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs