FortiSIEM Injection Flaw Let Attackers Execute Malicious Commands
OS command injection is a security vulnerability where an attacker exploits improper user input validation to inject malicious commands into an operating system. This can lead to:-
- Unauthorized access
- Data breaches
- System compromise
FortiSIEM is a security information and event management (SIEM) solution developed by Fortinet. It provides real-time analysis of security alerts generated by network hardware and applications, helping organizations detect and respond to security threats efficiently.
Cybersecurity researchers at Fortinet Product Security Incident Response Team (PSIRT) recently identified a Forti SIEM injection flaw that lets attackers execute malicious commands and has been tracked as “CVE-2023-36553.”
Flaw Profile:
- CVE ID: CVE-2023-36553
- Impact: Execute unauthorized code or commands
- Summary: An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in the FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.
- IR Number: FG-IR-23-135
- Severity: Critical
- CVSSv3 Score: 9.3
- Date: Nov 14, 2023
Moreover, this critical FortiSIEM injection vulnerability (CVE-2023-36553) was identified as a variant of CVE-2023-34992, another critical flaw that was already fixed in October of this year.
Improper input sanitization allows OS command execution, posing risks of:-
- Unauthorized data access
- Modification through API requests
- Deletion through API requests
Affected Products:
Here below we have mentioned all the products that are affected:-
- FortiSIEM 5.4 all versions
- FortiSIEM 5.3 all versions
- FortiSIEM 5.2 all versions
- FortiSIEM 5.1 all versions
- FortiSIEM 5.0 all versions
- FortiSIEM 4.10 all versions
- FortiSIEM 4.9 all versions
- FortiSIEM 4.7 all versions
Solutions:
Here below, we have mentioned all the solutions:-
- Please upgrade to FortiSIEM version 7.1.0 or above
- Please upgrade to FortiSIEM version 7.0.1 or above
- Please upgrade to FortiSIEM version 6.7.6 or above
- Please upgrade to FortiSIEM version 6.6.4 or above
- Please upgrade to FortiSIEM version 6.5.2 or above
- Please upgrade to FortiSIEM version 6.4.3 or above
Hackers actively target Fortinet products due to their wide use in cybersecurity, which makes them lucrative for hackers seeking to exploit vulnerabilities on a large scale.
Furthermore, successful breaches of Fortinet devices provide hackers access to private networks and important data, offering significant rewards for threat actors.
Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.