Fortinet has issued a critical alert regarding a severe OS command injection vulnerability in its FortiSIEM report server, exposing organizations to the risk of remote, unauthenticated attackers executing commands through carefully crafted API requests. FortiSIEM, a comprehensive cybersecurity solution utilized across diverse sectors such as healthcare, finance, retail, and government, is susceptible to this flaw, identified as CVE-2023-36553 with a critical severity score of 9.3.
Furthermore, the U.S. National Institute of Standards and Technology (NIST) calculated an even higher severity score of 9.8. The vulnerability, a variant of a previously fixed issue (CVE-2023-34992), arises from improper neutralization of special elements used in an OS command, potentially allowing unauthorized commands by remote attackers.
Additionally, Fortinet’s product security team discovered the flaw and emphasized the urgency for system administrators to upgrade affected FortiSIEM versions, ranging from 4.7 through 5.4, to more secure versions like 6.4.3, 6.5.2, 6.6.4, 6.7.6, 7.0.1, or 7.1.0 and later. The vulnerability’s severity stems from improper neutralization issues, where the software fails to sanitize input, leaving room for unauthorized access, data modification, or deletion.
Fortinet’s products, including firewalls and intrusion detection systems, are frequently targeted by sophisticated state-backed hacking groups seeking access to organizational networks. Reports in 2023 highlighted instances of Iranian hackers exploiting Fortinet product bugs to target U.S. aeronautical firms and Chinese cyber-espionage clusters, underlining the critical importance of promptly addressing and patching such vulnerabilities in cybersecurity infrastructure.