FortiSIEM Injection Flaw Let Attackers Execute Malicious Commands
OS command injection is a security vulnerability where an attacker exploits improper user input validation to inject malicious commands into an operating system. This can lead to:-
- Unauthorized access
- Data breaches
- System compromise
FortiSIEM is a security information and event management (SIEM) solution developed by Fortinet. It provides real-time analysis of security alerts generated by network hardware and applications, helping organizations detect and respond to security threats efficiently.
- CVE ID: CVE-2023-36553
- Impact: Execute unauthorized code or commands
- Summary: An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in the FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.
- IR Number: FG-IR-23-135
- Severity: Critical
- CVSSv3 Score: 9.3
- Date: Nov 14, 2023
Moreover, this critical FortiSIEM injection vulnerability (CVE-2023-36553) was identified as a variant of CVE-2023-34992, another critical flaw that was already fixed in October of this year.
Improper input sanitization allows OS command execution, posing risks of:-
- Unauthorized data access
- Modification through API requests
- Deletion through API requests
Here below we have mentioned all the products that are affected:-
- FortiSIEM 5.4 all versions
- FortiSIEM 5.3 all versions
- FortiSIEM 5.2 all versions
- FortiSIEM 5.1 all versions
- FortiSIEM 5.0 all versions
- FortiSIEM 4.10 all versions
- FortiSIEM 4.9 all versions
- FortiSIEM 4.7 all versions
Here below, we have mentioned all the solutions:-
- Please upgrade to FortiSIEM version 7.1.0 or above
- Please upgrade to FortiSIEM version 7.0.1 or above
- Please upgrade to FortiSIEM version 6.7.6 or above
- Please upgrade to FortiSIEM version 6.6.4 or above
- Please upgrade to FortiSIEM version 6.5.2 or above
- Please upgrade to FortiSIEM version 6.4.3 or above
Hackers actively target Fortinet products due to their wide use in cybersecurity, which makes them lucrative for hackers seeking to exploit vulnerabilities on a large scale.
Furthermore, successful breaches of Fortinet devices provide hackers access to private networks and important data, offering significant rewards for threat actors.