Critical OS Command Injection Vulnerability Discovered in Fortinet’s FortiSIEM
November 17, 2023
Fortinet has issued a warning to its customers about a critical OS command injection vulnerability identified as CVE-2023-36553 in its FortiSIEM report server. The flaw could be exploited by a remote, unauthenticated attacker to execute unauthorized commands by sending specially crafted API requests. The advisory from the vendor stated, “An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.”
FortiSIEM, a security information and event management (SIEM) solution by Fortinet, collects, aggregates, and correlates log data from various sources across the network. The vulnerability in question was discovered by Adham El karn, a member of the Fortinet Product Security team. The flaw impacts Fortinet FortiSIEM versions 5.4.0, 5.3.0 through 5.3.3, 5.2.5 through 5.2.8, 5.2.1 through 5.2.2, 5.1.0 through 5.1.3, 5.0.0 through 5.0.1, 4.10.0, 4.9.0, and 4.7.2.
The vulnerability was internally identified as a variant of another issue, CVE-2023-34992, which also involved improper neutralization of special elements used in an OS command (‘os command injection’) in FortiSIEM versions 7.0.0, 6.7.0 through 6.7.5, 6.6.0 through 6.6.3, 6.5.0 through 6.5.1, and 6.4.0 through 6.4.2. Fortinet addressed the vulnerability in early October. It remains unclear whether the vulnerability is being actively exploited in the wild.
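The CWE-78 weakness named in the advisory, illustrated with an added example that is not Fortinet's or FortiSIEM's code: a report API handler that splices a caller-controlled report name into a shell command string (the vulnerable pattern) beside the hardened form, which allowlists the value and passes an argv list with no shell, plus a small check a defender can run over request parameters. The `/opt/report/render_report` path, the `--name` parameter and the sample values are assumptions.

```python
"""CWE-78 (OS command injection) in a report-generation API, as an added
example. This is not Fortinet or FortiSIEM code: the render_report path,
the report-name parameter and the sample values are assumptions."""
import re
import subprocess
import sys

# Constructed sample parameter values, as an API handler might receive them.
BENIGN_NAME = "weekly_summary"
HOSTILE_NAME = "weekly_summary; id"   # a shell separator smuggled into the value

# Allowlist for a report name: only the characters the feature actually needs.
REPORT_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Characters that change command structure once a string reaches /bin/sh.
SHELL_METACHARS = set(";|&$`<>()\n\"'\\")


def build_command_unsafe(report_name: str) -> str:
    """The CWE-78 pattern: the caller-controlled value is spliced into one
    string destined for a shell (shell=True). Nothing neutralizes ';', '|',
    '$(...)' and friends, so the value can append a second command."""
    return f"/opt/report/render_report --name {report_name}"


def find_shell_metachars(value: str) -> set:
    """Detection helper: which shell metacharacters does a parameter carry?
    Usable in request logging or a front-of-API check before dispatch."""
    return set(value) & SHELL_METACHARS


def is_valid_report_name(report_name: str) -> bool:
    """Strict allowlist validation of the parameter (not a denylist)."""
    return REPORT_NAME_RE.fullmatch(report_name) is not None


def build_command_safe(report_name: str) -> list:
    """Hardened form: reject anything outside the allowlist, then build an
    argv list. Passed to subprocess without a shell, the value can only ever
    be a single argument, never a second command."""
    if not is_valid_report_name(report_name):
        raise ValueError(f"rejected report name: {report_name!r}")
    return ["/opt/report/render_report", "--name", report_name]


def echo_argv(value: str) -> str:
    """Run a child with an argv list (no shell) and return the argument as the
    child saw it. A Python one-liner stands in for render_report so the
    example runs anywhere; the metacharacters arrive as plain text."""
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", value],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.rstrip("\n")


if __name__ == "__main__":
    print("unsafe :", build_command_unsafe(HOSTILE_NAME))
    print("flagged:", find_shell_metachars(HOSTILE_NAME))
    print("safe   :", build_command_safe(BENIGN_NAME))
    print("valid? :", is_valid_report_name(HOSTILE_NAME))
    print("argv   :", echo_argv(HOSTILE_NAME))
```

The two mitigations are independent and both matter: the allowlist stops hostile values at the API boundary, and the argv list means that even a value which slips past validation cannot change the command structure, because no shell ever parses it.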