Fortinet warns of critical command injection bug in FortiSIEM

November 16, 2023 at 10:22AM

Fortinet has warned customers about a critical OS command injection vulnerability in its FortiSIEM report server. The flaw can be exploited by remote, unauthenticated attackers to execute unauthorized commands through specially crafted API requests. The vulnerability, tracked as CVE-2023-36553, is a variant of a previous vulnerability (CVE-2023-34992). Fortinet advises affected users to upgrade to specified versions. Fortinet products have been attractive targets for hacking groups, with previous instances of exploitation reported.

Key takeaways from the article:

1. Fortinet has identified a critical OS command injection vulnerability in the FortiSIEM report server.
2. The vulnerability can be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests.
3. FortiSIEM is a comprehensive cybersecurity solution that provides enhanced visibility and granular control over security.
4. The vulnerability is tracked as CVE-2023-36553 and has a critical severity score assigned by Fortinet and the U.S. National Institute of Standards and Technology (NIST).
5. It is a variant of another critical-severity security issue, CVE-2023-34992, which was fixed in early October.
6. The vulnerability stems from improper neutralization of special elements used in an OS command (the CWE-78 OS command injection weakness class).
7. Affected versions of FortiSIEM include releases from 4.7 through 5.4.
8. Fortinet recommends upgrading to versions 6.4.3, 6.5.2, 6.6.4, 6.7.6, 7.0.1, or 7.1.0 and later.
9. Fortinet products, including firewalls, endpoint security, and intrusion detection systems, are attractive targets for state-backed hacking groups.
10. Iranian hackers have previously exploited bugs in Fortinet products to attack U.S. aeronautical firms, and Chinese cyber-espionage clusters have exploited them as well.
11. There have been cases of hackers exploiting zero-day vulnerabilities in Fortinet products to breach government networks.
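For defenders checking an inventory of FortiSIEM appliances against the affected and fixed versions listed above, here is an added triage helper (example code written for this note, not Fortinet's tooling; the version thresholds are taken only from the article's list, and the hostnames and versions in the sample inventory are constructed):

```python
"""Classify FortiSIEM version strings against the version list quoted in the article."""
import re

# First fixed patch level per minor branch, as listed in the article
# (6.4.3, 6.5.2, 6.6.4, 6.7.6, 7.0.1, 7.1.0 "and later").
FIXED_PER_BRANCH = {
    (6, 4): 3, (6, 5): 2, (6, 6): 4, (6, 7): 6, (7, 0): 1, (7, 1): 0,
}
# Branches the article reports as affected with no in-branch fix (4.7 through 5.4).
LEGACY_AFFECTED_RANGE = ((4, 7), (5, 4))

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Parse 'major.minor[.patch]' (optional leading 'v'); patch defaults to 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised FortiSIEM version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(text):
    """Return 'vulnerable', 'fixed' or 'unknown' for one version string."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    low, high = LEGACY_AFFECTED_RANGE
    if low <= branch <= high:
        return "vulnerable"  # no fixed release in this branch; upgrade to a fixed 6.x/7.x
    if branch in FIXED_PER_BRANCH:
        return "fixed" if patch >= FIXED_PER_BRANCH[branch] else "vulnerable"
    if branch > (7, 1):
        return "fixed"  # assumption: "7.1.0 and later" covers newer branches too
    return "unknown"  # branch not covered by the article's list; consult the advisory


def triage(inventory):
    """inventory: iterable of (hostname, version) pairs -> {hostname: status}."""
    return {host: classify(version) for host, version in inventory}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [("siem-prod-01", "6.7.5"), ("siem-prod-02", "7.0.1"),
              ("siem-lab", "5.3.2"), ("siem-new", "7.1.1"), ("siem-old", "6.2.1")]
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Versions reported as "unknown" fall outside the branches the article enumerates and should be checked against Fortinet's advisory directly.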