CVE-2023-34992 & CVE-2023-34993: Critical Vulnerabilities in FortiSIEM and FortiWLM
Fortinet has released security patches for two critical vulnerabilities in its FortiWLM and FortiSIEM products. Both vulnerabilities are command injection vulnerabilities, which can allow an attacker to execute arbitrary commands on the affected system.
CVE-2023-34993 (CVSS score of 9.6): FortiWLM – Unauthenticated command injection vulnerability
FortiWLM stands tall as Fortinet’s wireless management platform. Catering to a myriad of businesses, from nimble start-ups to sprawling enterprises, it’s the go-to for managing wireless networks.
CVE-2023-34993 is an unauthenticated OS command injection flaw. In simpler terms, a remote attacker who can reach the management interface can send maliciously crafted HTTP GET requests that lead to unauthorized command execution on the appliance, without first logging in.
Affected Versions:
– FortiWLM 8.5.0 to 8.5.4
– FortiWLM 8.6.0 to 8.6.5
If you’re running FortiWLM version 8.5.5, 8.6.6, or higher, you can breathe a sigh of relief; you’re out of the danger zone.
CVE-2023-34992 (CVSS score of 9.6): FortiSIEM – Remote unauthenticated OS command injection
FortiSIEM is Fortinet’s response to the critical need for security information and event management. Whether on-premises, in the cloud or a hybrid of the two, it’s the sentinel that watches over vast digital landscapes, ensuring security threats are swiftly identified and addressed.
An almost mirrored threat to its FortiWLM counterpart, the CVE-2023-34992 vulnerability allows for remote unauthenticated OS command injections. Here, attackers can craft specific API requests that, when executed, run unauthorized commands on the system.
Affected Versions:
– FortiSIEM 7.0.0
– FortiSIEM 6.7.0 to 6.7.5
– FortiSIEM 6.6.0 to 6.6.3
– FortiSIEM 6.5.0 to 6.5.1
– FortiSIEM 6.4.0 to 6.4.2
Organizations must make an urgent transition to FortiSIEM version 7.0.1, 6.7.6, or the soon-to-be-released versions 6.6.4, 6.5.2, and 6.4.3.
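A quick way to triage an inventory against the affected ranges listed above is to encode them and compare reported versions. This is an added example, not code from the advisory or from Fortinet; the ranges and fixed releases are the ones stated on this page, and the script assumes plain dotted numeric version strings (e.g. "6.7.5").

```python
# Added example: check FortiWLM / FortiSIEM versions against the affected
# ranges and first fixed releases given in the advisory text above.
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Inclusive (low, high) ranges as stated in the advisory.
AFFECTED: Dict[str, List[Tuple[str, str]]] = {
    "FortiWLM": [("8.5.0", "8.5.4"), ("8.6.0", "8.6.5")],
    "FortiSIEM": [("7.0.0", "7.0.0"), ("6.7.0", "6.7.5"), ("6.6.0", "6.6.3"),
                  ("6.5.0", "6.5.1"), ("6.4.0", "6.4.2")],
}

# First fixed release per branch, as stated in the advisory.
FIXED: Dict[str, Dict[str, str]] = {
    "FortiWLM": {"8.5": "8.5.5", "8.6": "8.6.6"},
    "FortiSIEM": {"7.0": "7.0.1", "6.7": "6.7.6", "6.6": "6.6.4",
                  "6.5": "6.5.2", "6.4": "6.4.3"},
}


def parse_version(s: str) -> Version:
    """Turn '6.7.5' into (6, 7, 5) so tuples compare numerically, not lexically."""
    return tuple(int(part) for part in s.strip().split("."))


def is_affected(product: str, version: str) -> bool:
    """True if the version falls inside any affected range for the product."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED[product])


def recommended_fix(product: str, version: str) -> Optional[str]:
    """First patched release on the same branch, or None if the branch is not listed."""
    branch = ".".join(version.strip().split(".")[:2])
    return FIXED[product].get(branch)


def triage(product: str, version: str) -> str:
    """One-line status suitable for an asset report."""
    if not is_affected(product, version):
        return f"{product} {version}: not in an affected range"
    fix = recommended_fix(product, version) or "latest patched release"
    return f"{product} {version}: AFFECTED - upgrade to {fix}"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for prod, ver in [("FortiWLM", "8.6.5"), ("FortiWLM", "8.6.6"),
                      ("FortiSIEM", "7.0.0"), ("FortiSIEM", "6.5.2")]:
        print(triage(prod, ver))
```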
Command injection vulnerabilities occur when an application passes untrusted input into an operating-system command without adequate validation or escaping, allowing an attacker to append commands of their own. The input can reach the application through a variety of methods, such as exploiting weak input validation or sending maliciously crafted HTTP requests.
Once an attacker has successfully injected a command into an application, they can then execute that command on the system. This can give the attacker full control over the system, allowing them to steal data, install malware, or launch further attacks.
Both vulnerabilities came into the limelight thanks to the meticulous work of security researcher Zach Hanley (@hacks_zach) from Horizon3.ai.
Fortinet recommends that all users of FortiWLM and FortiSIEM upgrade to the latest patched version as soon as possible.