Prominent cyber security solutions provider, Fortinet, has recently disclosed CVE-2023-36553, a critical vulnerability affecting its FortiSIEM Report Server, possessing severe risks and potentially enabling remote and unauthenticated attackers to execute malicious commands on vulnerable instances.
Here’s what you need to know.
CVE-2023-36553 at a glance
| Field | Detail |
|---|---|
| CISA deadline | None |
| Type | OS Command Injection due to Improper Neutralization of Special Elements |
| Impact | Confidentiality, Integrity, Availability |
| Platforms | FortiSIEM releases 4.7 through 5.4 |
| Wild exploit | No |
| Mitigation | Update FortiSIEM to 7.1.0 / 7.0.1 / 6.7.6 / 6.6.4 / 6.5.2 / 6.4.3 |
What is CVE-2023-36553?
The vulnerability, tracked as CVE-2023-36553 and rated critical (CVSS 9.8), is an OS command injection flaw caused by improper neutralization of special elements. It allows unauthorized remote attackers to execute commands through specially crafted API requests directed at the FortiSIEM report server.
An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests.
This vulnerability shares similarities with a previously patched issue, CVE-2023-34992, which was addressed by Fortinet in October 2023. It represents a variant of the earlier critical OS Command Injection vulnerability in FortiSIEM.
The vulnerability, as described by Fortinet, is an OS command injection flaw (CWE-78) in the FortiSIEM report server that may allow remote unauthenticated attackers to execute unauthorized commands through manipulated API requests.
Improper neutralization problems occur when software fails to sanitize input – such as special characters or control elements – before passing it to an OS command interpreter. Here, the software takes values from API requests and forwards them to the operating system as part of an executable command, giving an attacker a path to unauthorized data access, alteration, or deletion.
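The CWE-78 pattern just described, shown as an added illustration that is not FortiSIEM code: a hypothetical report-export handler that takes a report name from an API request. The vulnerable variant splices the value into a shell command string; the hardened variant rejects anything outside a strict allow-list and hands the operating system an argument list that no shell ever parses. The paths, the `tar` invocation and the sample report names are constructed for the demo.

```python
import string
import subprocess
from typing import List

# Shell metacharacters that turn a single value into extra commands or
# substitutions once the string reaches an interpreter.
SHELL_METACHARACTERS = set(";&|`$<>()\\\"'\n\r")

# Allow-list for report names: ASCII letters, digits, underscore and hyphen.
ALLOWED_NAME_CHARS = set(string.ascii_letters + string.digits + "_-")


def contains_shell_metacharacters(value: str) -> bool:
    """True when an API-supplied value carries characters a shell would interpret."""
    return any(ch in SHELL_METACHARACTERS for ch in value)


def build_command_vulnerable(report_name: str) -> str:
    """Vulnerable: request data is spliced into a shell command string.

    A report_name such as 'weekly; id' makes the shell run a second command,
    which is exactly the improper-neutralization failure of CWE-78.
    """
    return f"tar czf /tmp/{report_name}.tgz /var/reports/{report_name}"


def is_safe_report_name(report_name: str) -> bool:
    """Allow-list check: 1-64 characters, every one of them from ALLOWED_NAME_CHARS."""
    return 0 < len(report_name) <= 64 and all(ch in ALLOWED_NAME_CHARS for ch in report_name)


def build_command_hardened(report_name: str) -> List[str]:
    """Hardened: reject anything off the allow-list, then return an argv list.

    Each element is passed to the kernel as one argument, so metacharacters
    never reach a shell even if the allow-list were later relaxed.
    """
    if not is_safe_report_name(report_name):
        raise ValueError(f"rejected report name: {report_name!r}")
    return ["tar", "czf", f"/tmp/{report_name}.tgz", f"/var/reports/{report_name}"]


def export_report(report_name: str, execute: bool = False) -> List[str]:
    """Build the hardened argv; only actually run tar when execute=True."""
    argv = build_command_hardened(report_name)
    if execute:
        # shell=False: argv is passed as-is and is not re-parsed by /bin/sh.
        subprocess.run(argv, shell=False, check=True)
    return argv


if __name__ == "__main__":
    # Constructed sample inputs: one benign name and two injection attempts.
    for name in ("weekly-2023", "weekly; id", "$(whoami)"):
        flagged = "metacharacters" if contains_shell_metacharacters(name) else "clean"
        verdict = "accepted" if is_safe_report_name(name) else "rejected"
        print(f"{name!r}: {flagged}, allow-list {verdict}")
```

The metacharacter scan is useful as a detection signal on incoming API parameters, but the allow-list plus argv-list combination is the actual fix: deny-listing characters is easy to get wrong, whereas an argument list removes the interpreter from the path entirely.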
Does CVE-2023-36553 affect me?
Versions impacted by this vulnerability span from FortiSIEM releases 4.7 through 5.4:
- FortiSIEM 5.4 all versions
- FortiSIEM 5.3 all versions
- FortiSIEM 5.2 all versions
- FortiSIEM 5.1 all versions
- FortiSIEM 5.0 all versions
- FortiSIEM 4.10 all versions
Has CVE-2023-36553 been actively exploited in the wild?
As of the latest information, there have been no reported instances of exploitation associated with the CVE-2023-36553 vulnerability affecting FortiSIEM Report Server.
How to fix CVE-2023-36553?
Fortinet has addressed this critical vulnerability and urges users to update FortiSIEM to the following versions or later to mitigate the risk:
- 7.1.0
- 7.0.1
- 6.7.6
- 6.6.4
- 6.5.2
- 6.4.3
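An added inventory check, not part of the original advisory, that maps each installed FortiSIEM version to the fixed build listed above for its branch and reports every host that is not confirmed patched. The branch-to-fix mapping is derived from the list above; the 5.x and 4.10 branches are treated as affected with no fixed build named, as the page states; the hostnames and versions in the sample inventory are constructed.

```python
from typing import Dict, List, Tuple

# Fixed builds per branch, taken from the list of fixed versions above.
FIXED_BUILD_BY_BRANCH: Dict[str, str] = {
    "7.1": "7.1.0",
    "7.0": "7.0.1",
    "6.7": "6.7.6",
    "6.6": "6.6.4",
    "6.5": "6.5.2",
    "6.4": "6.4.3",
}

# Branches the page lists as affected in all versions, with no fixed build named.
AFFECTED_NO_FIX_LISTED = {"5.4", "5.3", "5.2", "5.1", "5.0", "4.10"}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '6.7.5' into (6, 7, 5) so versions compare numerically, not as strings."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) < 2:
        raise ValueError(f"unrecognised version string: {version!r}")
    return parts


def assess_version(version: str) -> Tuple[str, str]:
    """Return (status, advice) for one FortiSIEM version string.

    status is one of 'patched', 'vulnerable' or 'unknown'.
    """
    parts = parse_version(version)
    branch = f"{parts[0]}.{parts[1]}"
    if branch in FIXED_BUILD_BY_BRANCH:
        fixed = FIXED_BUILD_BY_BRANCH[branch]
        if parts >= parse_version(fixed):
            return "patched", f"{version} is at or above fixed build {fixed}"
        return "vulnerable", f"upgrade {branch}.x to {fixed} or later"
    if branch in AFFECTED_NO_FIX_LISTED:
        return "vulnerable", "no fixed build in this branch is listed; move to a fixed release"
    return "unknown", "branch not covered by the advisory text; confirm against vendor guidance"


def triage_inventory(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (host, version, advice) for every host not confirmed patched."""
    findings = []
    for host, version in sorted(inventory.items()):
        status, advice = assess_version(version)
        if status != "patched":
            findings.append((host, version, advice))
    return findings


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample_inventory = {
        "siem-01.example.internal": "7.0.0",
        "siem-02.example.internal": "6.6.4",
        "siem-03.example.internal": "6.7.5",
        "siem-legacy.example.internal": "5.3.2",
        "siem-lab.example.internal": "7.2.0",
    }
    for host, version, advice in triage_inventory(sample_inventory):
        print(f"{host} ({version}): {advice}")
```

Versions on a branch newer than any listed fix come back as `unknown` rather than `patched`: the page only names fixed builds for the branches above, so anything else should be confirmed against the vendor's own guidance rather than assumed safe.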
Next steps
Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: