Voyager18 (research)

How to fix CVE-2023- 36553 in FortiSIEM Report Server

The critical CVE-2023-36553 in the FortiSIEM Report Server, allows remote execution of commands on affected systems. Learn more.

Yair Divinsky | November 22, 2023

Prominent cyber security solutions provider, Fortinet, has recently disclosed CVE-2023-36553, a critical vulnerability affecting its FortiSIEM Report Server, possessing severe risks and potentially enabling remote and unauthenticated attackers to execute malicious commands on vulnerable instances.

Here’s what you need to know. 

CVE-2023- 36553 at a glance

CISA deadline: 



OS Command Injection due to Improper Neutralization of Special Elements 


Confidentiality, Integrity, Availability 


FortiSIEM releases 4.7 through 5.4. 

Wild Exploit: 



Update FortiSIEM versions to: 

7.1.0 / 7.0.1 / 6.7.6 / .6.4 / 6.5.2 / 6.4.3 

What is CVE-2023- 36553? 

The vulnerability dubbed CVE-2023-36553 and rated as critical (CVSS 9.8), is an OS Command Injection flaw attributed to improper neutralization of special elements. This security flaw allows unauthorized remote attackers to execute commands through specially crafted API requests directed at the FortiSIEM report server. 

An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests. 

This vulnerability shares similarities with a previously patched issue, CVE-2023-34992, which was addressed by Fortinet in October 2023. It represents a variant of the earlier critical OS Command Injection vulnerability in FortiSIEM. 

The vulnerability, as described by Fortinet, involves an OS Command flaw (CWE-78) within the FortiSIEM report server, potentially allowing remote unauthenticated attackers to execute unauthorized commands through manipulated API requests. 

Improper neutralization problems occur when software fails to properly sanitize input – such as special characters or control elements – before passing it as an OS command to an interpreter. In this scenario, the software receives API requests and forwards them to the operating system as executable commands, opening pathways for unauthorized data access, alteration, or deletion. 



Does CVE-2023-36553 affect me?

Versions impacted by this vulnerability span from FortiSIEM releases 4.7 through 5.4: 

  • FortiSIEM 5.4 all versions 
  • FortiSIEM 5.3 all versions 
  • FortiSIEM 5.2 all versions 
  • FortiSIEM 5.1 all versions 
  • FortiSIEM 5.0 all versions 
  • FortiSIEM 4.10 all versions 

Has CVE-2023-36553 been actively exploited in the wild? 

As of the latest information, there have been no reported instances of exploitation associated with the CVE-2023-36553 vulnerability affecting FortiSIEM Report Server.  

How to fix CVE-2023-36553? 

Fortinet has promptly addressed this critical vulnerability and urges users to update their FortiSIEM versions to the following or later versions to mitigate security risks: 

  • 7.1.0 
  • 7.0.1 
  • 6.7.6 
  • 6.6.4 
  • 6.5.2 
  • 6.4.3 

Next steps

Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: 

  1. Announcing the Attack Path Graph for end-to-end risk prioritization
  2. The Q3 2023 Vulnerability Watch report
  3. MITRE ATTACK framework – Mapping techniques to CVEs  
  4. Exploit maturity: an introduction  
  5. IBM’s Cost of a Data Breach report 2023 – what we learned

Free for risk owners

Set up in minutes to aggregate and prioritize cyber risk across all your assets and attack vectors.

"Idea for an overwhelmed secops/security team".

Name Namerson
Head of Cyber Security Strategy