CVE-2023-36553: Command Injection Vulnerability in FortiSIEM


Fortinet, a major cybersecurity company, recently published an advisory regarding a critical vulnerability affecting its FortiSIEM Report Server.

Background:

The vulnerability is serious because it could allow remote, unauthenticated attackers to execute arbitrary commands on vulnerable instances.

The FortiSIEM Report Server, an optional component of Fortinet’s SIEM solution, acts as a centralized repository for storing and managing FortiSIEM reports.

CVE-2023-36553:

CVE-2023-36553, rated critical (CVSS 9.8), is an OS command injection flaw caused by improper neutralization of special elements used in an OS command. It allows remote attackers to execute commands by sending specially crafted API requests to the FortiSIEM report server.

In Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.5, 6.6.0 through 6.6.3, 6.5.0 through 6.5.1, and 6.4.0 through 6.4.2, improper neutralization of special elements used in an OS command ('OS Command Injection') allows an attacker to execute unauthorized code or commands via crafted API requests.

This vulnerability is a variant of CVE-2023-34992, a previously reported serious OS command injection vulnerability in FortiSIEM that Fortinet patched in October 2023.

According to Fortinet, the vulnerability is an OS command injection issue (CWE-78) in the FortiSIEM report server that may allow a remote, unauthenticated attacker to execute arbitrary commands via crafted API requests.

Improper neutralization issues arise when software fails to sanitize input, such as shell metacharacters or control elements, before passing it to an interpreter as part of an OS command. In this case, the software takes values from API requests and hands them to the operating system as executable commands, allowing unauthorized data access, modification, or deletion.
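The following added example illustrates the CWE-78 pattern described above as a vulnerable request handler beside a hardened one. It is illustrative code written for this article, not FortiSIEM code, and makes no claim about how the FortiSIEM report server is implemented: the handler names, the `report` request parameter, the `/opt/report_tool` binary and the sample requests are all constructed assumptions.

```python
"""Added example (not FortiSIEM code): a vulnerable command-building handler
beside a hardened one. All names and paths here are assumptions made for
illustration and do not refer to any real FortiSIEM component."""
import re
import shlex
import subprocess
from typing import Dict, List

# Allowlist for a report identifier: letters, digits, '_' and '-', bounded length.
REPORT_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

# Constructed sample API requests, as a web framework might hand them to a handler.
BENIGN_REQUEST: Dict[str, str] = {"report": "weekly-summary"}
CRAFTED_REQUEST: Dict[str, str] = {"report": "weekly-summary;id"}  # constructed: contains a shell metacharacter


def build_export_command_vulnerable(request: Dict[str, str]) -> str:
    """Vulnerable pattern: the request value is spliced into one string that the
    code would then hand to a shell (e.g. subprocess.run(cmd, shell=True)).
    The shell, not the program, decides where the command ends."""
    return f"/opt/report_tool export --name {request['report']}"


def shell_view(cmd: str) -> List[str]:
    """Tokenise a command line the way a POSIX shell would, keeping control
    operators (';', '|', '&&', ...) as separate tokens. Used only to show what
    the shell would see; nothing is executed."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    return list(lexer)


def build_export_command_hardened(request: Dict[str, str]) -> List[str]:
    """Hardened pattern: validate the value against a strict allowlist, then
    build an argv list so that no shell parses the input. With a list and
    shell=False the value reaches the program as one literal argument."""
    name = request.get("report", "")
    if not REPORT_NAME_RE.fullmatch(name):
        raise ValueError(f"rejected report name: {name!r}")
    return ["/opt/report_tool", "export", "--name", name]


def hardened_rejects(request: Dict[str, str]) -> bool:
    """True if the hardened builder refuses the request."""
    try:
        build_export_command_hardened(request)
    except ValueError:
        return True
    return False


def run_export_hardened(request: Dict[str, str], tool: str = "/opt/report_tool") -> str:
    """Run the hardened argv without a shell and return its stdout. `tool` is
    overridable so the pattern can be exercised with a harmless binary such as echo."""
    argv = build_export_command_hardened(request)
    argv[0] = tool
    result = subprocess.run(argv, shell=False, capture_output=True, text=True, check=True)
    return result.stdout.strip()


if __name__ == "__main__":
    vuln = build_export_command_vulnerable(CRAFTED_REQUEST)
    print("vulnerable string:", vuln)
    print("shell would see  :", shell_view(vuln))  # ';' and 'id' form a second command
    print("hardened argv    :", build_export_command_hardened(BENIGN_REQUEST))
    print("hardened rejects :", hardened_rejects(CRAFTED_REQUEST))
```

The two defences are independent: the allowlist rejects anything outside the expected character set, and the argv list removes the shell from the path entirely, so even a value that passed validation could never be reinterpreted as a second command.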

Affected Versions:

In addition to the 6.x and 7.0.0 releases listed above, the affected versions extend to older FortiSIEM branches, from 4.7 through 5.4:

  • FortiSIEM 5.4 all versions
  • FortiSIEM 5.3 all versions
  • FortiSIEM 5.2 all versions
  • FortiSIEM 5.1 all versions
  • FortiSIEM 5.0 all versions
  • FortiSIEM 4.10 all versions

As of the most recent information, there are no known instances of in-the-wild exploitation of CVE-2023-36553 against the FortiSIEM Report Server.

Recommendations:

Fortinet has patched the vulnerability and recommends that customers upgrade their FortiSIEM installations to the following versions or later:

  • 7.1.0
  • 7.0.1
  • 6.7.6
  • 6.6.4
  • 6.5.2
  • 6.4.3
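As an added example (not Fortinet's code), the script below checks a FortiSIEM version string against the affected and fixed versions stated in this advisory, so an asset inventory or patch-tracking job can flag instances that still need the upgrade. The version ranges come from the advisory text above; the parsing rules (optional `v` prefix, optional build suffix) and the sample inventory are assumptions.

```python
"""Added example (not Fortinet's code): triage FortiSIEM version strings
against the affected and fixed versions stated in this advisory."""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges (inclusive), per the advisory.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((7, 0, 0), (7, 0, 0)),
    ((6, 7, 0), (6, 7, 5)),
    ((6, 6, 0), (6, 6, 3)),
    ((6, 5, 0), (6, 5, 1)),
    ((6, 4, 0), (6, 4, 2)),
]
# Branches where every release is affected and no fixed release exists on the branch.
AFFECTED_BRANCHES_ALL = {(5, 4), (5, 3), (5, 2), (5, 1), (5, 0), (4, 10)}
# Fixed releases ("or later"), per the advisory.
FIXED_VERSIONS: List[Version] = [(7, 1, 0), (7, 0, 1), (6, 7, 6), (6, 6, 4), (6, 5, 2), (6, 4, 3)]

# Assumed version format: optional 'v', major.minor[.patch], optional build suffix.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Version:
    """Parse '6.7.5', 'v7.0' or '6.6.3-2001' into a (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def fmt(v: Version) -> str:
    return ".".join(str(part) for part in v)


def is_affected(text: str) -> Optional[bool]:
    """True/False per the advisory; None when the branch is not mentioned in it
    (e.g. 6.3.x), so a caller does not silently treat an unlisted branch as safe."""
    v = parse_version(text)
    branch = v[:2]
    if branch in AFFECTED_BRANCHES_ALL:
        return True
    for lo, hi in AFFECTED_RANGES:
        if lo[:2] == branch:
            return lo <= v <= hi  # above the range means at or past the fixed release
    if v >= (7, 1, 0):
        return False  # 7.1.0 or later is a fixed release line
    return None


def recommended_fix(text: str) -> Optional[str]:
    """Smallest fixed release on the same branch; for branches with no fixed
    release (5.x, 4.10) the newest fixed release listed; None if not affected."""
    v = parse_version(text)
    if is_affected(text) is not True:
        return None
    for f in FIXED_VERSIONS:
        if f[:2] == v[:2]:
            return fmt(f)
    return fmt(max(FIXED_VERSIONS))


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Label each (host, version) pair as affected / not affected / unknown,
    with the target release for affected hosts."""
    rows = []
    for host, version in inventory:
        status = is_affected(version)
        if status is True:
            rows.append((host, "affected", recommended_fix(version) or ""))
        elif status is False:
            rows.append((host, "not affected", ""))
        else:
            rows.append((host, "unknown (branch not in advisory)", ""))
    return rows


if __name__ == "__main__":
    # Constructed sample inventory.
    sample = [("siem-01", "6.7.5"), ("siem-02", "7.0.1"), ("siem-03", "5.2.1"), ("siem-04", "6.3.1")]
    for host, status, target in triage(sample):
        print(f"{host:8} {status:34} {target}")
```

Unlisted branches deliberately come back as "unknown" rather than "not affected": the advisory summary above only states the ranges it states, and a patch-tracking script should surface that gap instead of hiding it.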


HawkEye
© 2024 HawkEye – Managed CSOC and XDR powered by DTS Solution. All Rights Reserved.