Researchers has discovered a critical vulnerability in FortiSIEM that could allow remote attackers to execute arbitrary commands on affected systems.
The vulnerability tracked as CVE-2023-36553 and assigned a CVSS score of 9.3, stems from an OS command injection flaw in the FortiSIEM report server.
The vulnerability arises from improper neutralization of special elements used in OS commands within the FortiSIEM report server. By crafting malicious API requests, remote attackers can exploit this flaw to inject arbitrary commands onto the vulnerable system.
This effectively grants attackers complete control over the system, enabling them to perform a range of malicious activities, including Stealing sensitive data. Installing malware or backdoors, and disrupting or disabling FortiSIEM operations
A wide range of FortiSIEM versions are vulnerable to this critical flaw,
- FortiSIEM 5.4 all versions
- FortiSIEM 5.3 all versions
- FortiSIEM 5.2 all versions
- FortiSIEM 5.1 all versions
- FortiSIEM 5.0 all versions
- FortiSIEM 4.10 all versions
- FortiSIEM 4.9 all versions
- FortiSIEM 4.7 all versions
Given the severity of this vulnerability, Fortinet, the developer of FortiSIEM, has strongly advised all affected users to upgrade their systems to the following patched versions immediately.
- FortiSIEM version 7.1.0 or above
- FortiSIEM version 7.0.1 or above
- FortiSIEM version 6.7.6 or above
- FortiSIEM version 6.6.4 or above
- FortiSIEM version 6.5.2 or above
- FortiSIEM version 6.4.3 or above
The CVE-2023-36553 vulnerability poses a significant security risk to organizations that rely on FortiSIEM. Promptly upgrading to the patched versions and implementing additional security measures are crucial to mitigate this risk and protect sensitive data. Organizations should also consider implementing a comprehensive security awareness training program for their employees to help them identify and avoid phishing attempts and other social engineering attacks.