Fortinet is warning customers of a critical OS command injection vulnerability, tracked as CVE-2023-36553 (CVSS score 9.3), in FortiSIEM report server. A remote, unauthenticated attacker can exploit the flaw to execute commands by sending specially crafted API requests.
“An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.” reads the advisory published by the vendor. “This vulnerability was internally discovered as a variant of FG-IR-23-130.”
FortiSIEM is the security information and event management (SIEM) solution provided by Fortinet. FortiSIEM collects, aggregates, and correlates log data from various sources across the network.
The vulnerability was discovered by Adham El karn of the Fortinet Product Security team.
The flaw affects Fortinet FortiSIEM versions 5.4.0, 5.3.0 through 5.3.3, 5.2.5 through 5.2.8, 5.2.1 through 5.2.2, 5.1.0 through 5.1.3, 5.0.0 through 5.0.1, 4.10.0, 4.9.0 and 4.7.2.
This vulnerability was internally discovered as a variant of FG-IR-23-130, tracked as CVE-2023-34992, which was also an improper neutralization of special elements used in an OS command (‘OS command injection’) in FortiSIEM and affected versions 7.0.0, 6.7.0 through 6.7.5, 6.6.0 through 6.6.3, 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2. Taken together, the two advisories cover both the older 4.x/5.x release lines and the 6.x/7.x lines.
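Because the two advisories list disjoint and rather fragmented version ranges, the practical question for a defender is whether each deployed FortiSIEM instance falls inside one of them. The following Python checker is an added example (not Fortinet's code and not part of the original article): it encodes the affected ranges exactly as quoted above and triages a constructed sample inventory; hostnames and versions in that inventory are made up for illustration.

```python
"""Version-range triage for the FortiSIEM advisories discussed above.

Added example, not Fortinet's code. The ranges are copied from the article;
the inventory at the bottom is constructed sample data.
"""
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Inclusive (low, high) ranges listed for CVE-2023-36553.
CVE_2023_36553_AFFECTED: List[Tuple[str, str]] = [
    ("5.4.0", "5.4.0"),
    ("5.3.0", "5.3.3"),
    ("5.2.5", "5.2.8"),
    ("5.2.1", "5.2.2"),
    ("5.1.0", "5.1.3"),
    ("5.0.0", "5.0.1"),
    ("4.10.0", "4.10.0"),
    ("4.9.0", "4.9.0"),
    ("4.7.2", "4.7.2"),
]

# Inclusive ranges listed for the related CVE-2023-34992 (FG-IR-23-130).
CVE_2023_34992_AFFECTED: List[Tuple[str, str]] = [
    ("7.0.0", "7.0.0"),
    ("6.7.0", "6.7.5"),
    ("6.6.0", "6.6.3"),
    ("6.5.0", "6.5.1"),
    ("6.4.0", "6.4.2"),
]

ADVISORIES: Dict[str, List[Tuple[str, str]]] = {
    "CVE-2023-36553": CVE_2023_36553_AFFECTED,
    "CVE-2023-34992": CVE_2023_34992_AFFECTED,
}


def parse_version(s: str) -> Version:
    """Parse 'major.minor.patch' into a comparable tuple; missing parts become 0.

    Raises ValueError for anything that is not 1-3 numeric components, so a
    malformed inventory entry fails loudly instead of silently comparing as safe.
    """
    parts = s.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiSIEM version string: {s!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def affected_cves(version: str) -> List[str]:
    """Return the sorted list of CVEs whose listed ranges include `version`."""
    v = parse_version(version)
    hits = []
    for cve, ranges in ADVISORIES.items():
        if any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges):
            hits.append(cve)
    return sorted(hits)


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each host to its applicable CVEs; hosts matching no range are omitted."""
    result: Dict[str, List[str]] = {}
    for host, version in inventory.items():
        cves = affected_cves(version)
        if cves:
            result[host] = cves
    return result


# Constructed sample inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY: Dict[str, str] = {
    "siem-sup-01": "5.2.6",   # inside 5.2.5-5.2.8 -> CVE-2023-36553
    "siem-sup-02": "5.2.3",   # in the gap between 5.2.2 and 5.2.5 -> not listed
    "siem-col-01": "6.7.5",   # inside 6.7.0-6.7.5 -> CVE-2023-34992
    "siem-col-02": "6.7.6",   # above the listed 6.7.x range -> not listed
    "siem-lab-01": "4.10.0",  # single listed version -> CVE-2023-36553
}

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {', '.join(cves)}")
```

A host that matches no range is reported as "not listed", not as confirmed safe: the checker only reproduces the ranges the advisories enumerate, and the fixed versions to upgrade to should be taken from the vendor advisory itself rather than inferred from the gaps.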
Fortinet addressed the vulnerability in early October.
It’s not clear if the vulnerability is actively exploited in attacks in the wild.
(SecurityAffairs – hacking, Fortinet)