FortiSIEM Injection Flaw Let Attackers Execute Malicious Commands

OS command injection is a security vulnerability where an attacker exploits improper user input validation to inject malicious commands into an operating system. This can lead to:-

  • Unauthorized access
  • Data breaches
  • System compromise

FortiSIEM is a security information and event management (SIEM) solution developed by Fortinet. It provides real-time analysis of security alerts generated by network hardware and applications, helping organizations detect and respond to security threats efficiently.

Cybersecurity researchers at Fortinet Product Security Incident Response Team (PSIRT) recently identified a Forti SIEM injection flaw that lets attackers execute malicious commands and has been tracked as “CVE-2023-36553.”

Flaw Profile:

  • CVE ID: CVE-2023-36553
  • Impact: Execute unauthorized code or commands
  • Summary: An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in the FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.
  • IR Number: FG-IR-23-135
  • Severity: Critical
  • CVSSv3 Score: 9.3
  • Date: Nov 14, 2023

Moreover, this critical FortiSIEM injection vulnerability (CVE-2023-36553) was identified as a variant of CVE-2023-34992, another critical flaw that was already fixed in October of this year.

Improper input sanitization allows OS command execution, posing risks of:-

  • Unauthorized data access
  • Modification through API requests
  • Deletion through API requests

Affected Products:

Here below we have mentioned all the products that are affected:-

  • FortiSIEM 5.4 all versions
  • FortiSIEM 5.3 all versions
  • FortiSIEM 5.2 all versions
  • FortiSIEM 5.1 all versions
  • FortiSIEM 5.0 all versions
  • FortiSIEM 4.10 all versions
  • FortiSIEM 4.9 all versions
  • FortiSIEM 4.7 all versions

Solutions:

Here below, we have mentioned all the solutions:-

  • Please upgrade to FortiSIEM version 7.1.0 or above
  • Please upgrade to FortiSIEM version 7.0.1 or above
  • Please upgrade to FortiSIEM version 6.7.6 or above
  • Please upgrade to FortiSIEM version 6.6.4 or above
  • Please upgrade to FortiSIEM version 6.5.2 or above
  • Please upgrade to FortiSIEM version 6.4.3 or above

Hackers actively target Fortinet products due to their wide use in cybersecurity, which makes them lucrative for hackers seeking to exploit vulnerabilities on a large scale.

Furthermore, successful breaches of Fortinet devices provide hackers access to private networks and important data, offering significant rewards for threat actors.

Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.

Posted in IT Security

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

*
*

Recent Comments

No comments to show.