h4x-x0r
commented
1 month ago If someone gets the installer, I'd be happy to help with the module.
Open jheysel-r7 opened 3 months ago
h4x-x0r
commented
1 month ago If someone gets the installer, I'd be happy to help with the module.
Summary
It's a straight forward unauthenticated command injection vulnerability in a Fortinet product. Seems like it would be a good add to the framework.
I tried downloading a demo of the product without success. I checked AWS and there were a number of BYOL targets but all of them were patched versions. If we could get our hands on a vulnerable target I'd be happy to write a module.
Basic example
https://github.com/horizon3ai/CVE-2023-34992 https://www.horizon3.ai/attack-research/cve-2023-34992-fortinet-fortisiem-command-injection-deep-dive/