Critical Vulnerability in Fortinet FortiSIEM

Fortinet revealed a vulnerability in their SIEM product, FortiSIEM. CVE-2023-36553 has a CVSS severity of critical. The finding is a OS Command Injection vulnerability resulting from improper neutralization of special elements [CWE-78] in FortiSIEM report server that allows an unauthenticated remote attacker to execute arbitrary commands via specially crafted API requests. As of now, there are no known instances of exploitation regarding the CVE-2023-36553 vulnerability in FortiSIEM Report Server.

This vulnerability is an eerily similar variant of a previously discovered critical vulnerability, designated as CVE-2023-34992. This was another critical OS Command Injection vulnerability affecting FortiSIEM and was addressed by Fortinet in October 2023.

As with many vulnerabilities, this is continued work by researchers or hackers to find similar vulnerabilities within a given component. This is like the Log4Shell findings that had over a month of new exploits being released.

Fortinet has issued patches and recommends that customers update their FortiSIEM versions to the following patched versions to avoid security risks:

• 7.1.0 

• 7.0.1 

• 6.7.6 

• 6.6.4

• 6.5.2 

• 6.4.3

As usual, this highlights the need to always be on your toes once a vulnerability is released. Patching is a never ending process, and if you find yourself struggling, contact us to see how Glassportal can help: demo@glassportal.io