tags: fortinet, enterprise_app, command_injection
original link: CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive
newsletter link: exploits.club Weekly Newsletter 22


Exploits Club Summary:

When offensive security companies start a blog post with “given some early success in auditing Fortinet appliances”, it might be time to rethink your application security strategy. And this post from @Horizon3Attack only furthers that point. In it, the team discusses the discovery and exploitation of CVE-2023-34992, a command injection on FortiSIEM. The write-up discusses enumerating the attack surface, identifying a remotely accessible sub-system, building a basic client to communicate with it, and eventually discovering and exploiting a command injection. The post rounds out with some IOCs for you blue-hat wearers.