OS Command Injection Vulnerability in Fortinet FortiSIEM
CVE-2023-36553

9.3CRITICAL

Key Information:

Vendor: Fortinet
Status: Fortisiem
Vendor: CVE Published:; 14 November 2023

Badges

📰 News Worthy

What is CVE-2023-36553?

An OS command injection vulnerability exists in Fortinet FortiSIEM, affecting multiple versions, which allows attackers to execute unauthorized commands or code through specially crafted API requests. This could lead to potential security breaches, allowing attackers to manipulate system behavior or access sensitive information. It is essential to apply the latest updates and patches to safeguard against such vulnerabilities.

Affected Version(s)

FortiSIEM 5.4.0

FortiSIEM 5.3.0 <= 5.3.3

FortiSIEM 5.2.5 <= 5.2.8

News Articles

CybersecurityNews

CVE-2023-36553

FortiSIEM Injection Flaw Let Attackers Execute Malicious Commands

Cybersecurity researchers identified a FortiSIEM injection flaw that lets execute malicious commands & tracked as "CVE-2023-36553."

References

https://fortiguard.com/psirt/FG-IR-23-135

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by CybersecurityNews
Nov 17, 2023
Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Jun 23, 2023