Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Fortinet’s FortiSIEM Product
Alerts

Critical Vulnerability in Fortinet’s FortiSIEM Product

17 November 2023

Fortinet has released security updates to address a critical vulnerability (CVE-2023-36553) in their FortiSIEM report server.

Successful exploitation of the OS command vulnerability could allow a remote unauthenticated attacker to execute commands through specially crafted API requests.

The vulnerability affects products that use FortiSIEM versions from 4.7 through 5.4 inclusive.

Users and administrators of affected product versions are advised to upgrade to the latest versions immediately.

More information is available at:

https://www.fortiguard.com/psirt/FG-IR-23-135
https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-command-injection-bug-in-fortisiem/ 

Back to top