Critical OS Command Injection Vulnerability Discovered in Fortinet’s FortiSIEM

November 17, 2023

Fortinet has issued a warning to its customers about a critical OS command injection vulnerability identified as CVE-2023-36553 in its FortiSIEM report server. The flaw could be exploited by a remote, unauthenticated attacker to execute unauthorized commands by sending specially crafted API requests. The advisory from the vendor stated, “An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.”

FortiSIEM, a security information and event management (SIEM) solution by Fortinet, collects, aggregates, and correlates log data from various sources across the network. The vulnerability in question was discovered by Adham El karn, a member of the Fortinet Product Security team. The flaw impacts Fortinet FortiSIEM versions 5.4.0, 5.3.0 through 5.3.3, 5.2.5 through 5.2.8, 5.2.1 through 5.2.2, 5.1.0 through 5.1.3, 5.0.0 through 5.0.1, 4.10.0, 4.9.0, and 4.7.2.

The vulnerability was internally identified as a variant of another issue, CVE-2023-34992, which also involved improper neutralization of special elements used in an OS command (‘os command injection’) in FortiSIEM versions 7.0.0, 6.7.0 through 6.7.5, 6.6.0 through 6.6.3, 6.5.0 through 6.5.1, and 6.4.0 through 6.4.2. Fortinet addressed the vulnerability in early October. It remains unclear whether the vulnerability is being actively exploited in the wild.
