FortiSIEM Injection Flaw Let Attackers Execute Malicious Commands

OS command injection is a security vulnerability where an attacker exploits improper user input validation to inject malicious commands into an operating system. This can lead to:-

  • Unauthorized access
  • Data breaches
  • System compromise

FortiSIEM is a security information and event management (SIEM) solution developed by Fortinet. It provides real-time analysis of security alerts generated by network hardware and applications, helping organizations detect and respond to security threats efficiently.

EHA

Cybersecurity researchers at Fortinet Product Security Incident Response Team (PSIRT) recently identified a FortiSIEM injection flaw that lets attackers execute malicious commands and has been tracked as “CVE-2023-36553.”

Flaw profile

  • CVE ID: CVE-2023-36553
  • Impact: Execute unauthorized code or commands
  • Summary: An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in the FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.
  • IR Number: FG-IR-23-135
  • Severity: Critical
  • CVSSv3 Score: 9.3
  • Date: Nov 14, 2023

Moreover, this critical FortiSIEM injection vulnerability (CVE-2023-36553) was identified as a variant of CVE-2023-34992, another critical flaw that was already fixed in October of this year.

Improper input sanitization allows OS command execution, posing risks of:-

  • Unauthorized data access
  • Modification through API requests
  • Deletion through API requests

Affected Products

Here below we have mentioned all the products that are affected:-

  • FortiSIEM 5.4 all versions
  • FortiSIEM 5.3 all versions
  • FortiSIEM 5.2 all versions
  • FortiSIEM 5.1 all versions
  • FortiSIEM 5.0 all versions
  • FortiSIEM 4.10 all versions
  • FortiSIEM 4.9 all versions
  • FortiSIEM 4.7 all versions

Solutions

Here below, we have mentioned all the solutions:-

  • Please upgrade to FortiSIEM version 7.1.0 or above
  • Please upgrade to FortiSIEM version 7.0.1 or above
  • Please upgrade to FortiSIEM version 6.7.6 or above
  • Please upgrade to FortiSIEM version 6.6.4 or above
  • Please upgrade to FortiSIEM version 6.5.2 or above
  • Please upgrade to FortiSIEM version 6.4.3 or above

Hackers actively target Fortinet products due to their wide use in cybersecurity, which makes them lucrative for hackers seeking to exploit vulnerabilities on a large scale.

Furthermore, successful breaches of Fortinet devices provide hackers access to private networks and important data, offering significant rewards for threat actors.

Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.

Tushar Subhra Dutta
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.