Critical Vulnerability in Fortinet’s FortiSIEM Product
Published on 17 Nov 2023 | Updated on 17 Nov 2023
Fortinet has released security updates to address a critical vulnerability (CVE-2023-36553) in its FortiSIEM report server.
Successful exploitation of this OS command injection vulnerability could allow a remote unauthenticated attacker to execute commands through specially crafted API requests.
The vulnerability affects products that use FortiSIEM versions from 4.7 through 5.4 inclusive.
Users and administrators of affected product versions are advised to upgrade to the latest versions immediately.