Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests.
FortiSIEM (Security Information and Event Management) is a comprehensive cybersecurity solution that provides organizations with enhanced visibility and granular control over their security posture. It is used in businesses of all sizes in the healthcare, financial, retail, e-commerce, government, and public sectors.
Tracked as CVE-2023-36553, the flaw was given a critical severity score of 9.3 by Fortinet, while the U.S. NIST calculated it as 9.8.
Fortinet has issued a critical alert regarding an OS command injection vulnerability in the FortiSIEM report server, posing a risk of remote, unauthenticated attackers executing commands through specially crafted API requests. FortiSIEM, a comprehensive cybersecurity solution offering enhanced visibility and control over security, is widely used across various sectors, including healthcare, finance, retail, e-commerce, government, and the public domain. Tracked as CVE-2023-36553, the flaw was given a critical severity score of 9.3 by Fortinet, while the U.S. NIST calculated it as 9.8. This vulnerability is identified as a variant of CVE-2023-34992, a critical-severity issue fixed in October. The problem arises from improper neutralization of special elements in OS commands, allowing unauthorized execution through API requests. Affected FortiSIEM versions range from 4.7 to 5.4, and administrators are urged to upgrade to versions 6.4.3 and later. Given Fortinet’s attractiveness to state-backed hacking groups, including Iranian hackers targeting U.S. aeronautical firms and Chinese cyber-espionage clusters, addressing such vulnerabilities is crucial for network security.
