Critical Vulnerability in Fortinet’s FortiSIEM Product

Published on 17 Nov 2023 | Updated on 17 Nov 2023

Fortinet has released security updates to address a critical vulnerability (CVE-2023-36553) in their FortiSIEM report server.

Successful exploitation of the OS command vulnerability could allow a remote unauthenticated attacker to execute commands through specially crafted API requests.

The vulnerability affects products that use FortiSIEM versions from 4.7 through 5.4 inclusive.

Users and administrators of affected product versions are advised to upgrade to the latest versions immediately.

More information is available at:

https://www.fortiguard.com/psirt/FG-IR-23-135
https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-command-injection-bug-in-fortisiem/