This advisory is for organizations that use the FortiSIEM report server as part of their security solution. If your organization does not use this platform, this notification may be discarded.
Summary
Fortinet has released updates to address a Remote Code Execution vulnerability in their FortiSIEM Report Server. The vulnerability could allow an unauthenticated, remote attacker to pass arbitrary commands to the OS for execution.
CVE-2023-36553 - FortiSIEM critical command injection vulnerability
CVSSv3: 9.3
Affected Products/Versions
- FortiSIEM 5.4 all versions
- FortiSIEM 5.3 all versions
- FortiSIEM 5.2 all versions
- FortiSIEM 5.1 all versions
- FortiSIEM 5.0 all versions
- FortiSIEM 4.10 all versions
- FortiSIEM 4.9 all versions
- FortiSIEM 4.7 all versions
Mitigations
Please upgrade to the fixed release for your branch:
- FortiSIEM version 7.1.0 or above
- FortiSIEM version 7.0.1 or above
- FortiSIEM version 6.7.6 or above
- FortiSIEM version 6.6.4 or above
- FortiSIEM version 6.5.2 or above
- FortiSIEM version 6.4.3 or above
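The following is an added triage helper, not part of the advisory or Fortinet's tooling: it checks an inventory of FortiSIEM version strings against the affected branches and fixed releases listed above. Branches the advisory does not name (for example 6.0 to 6.3) are reported as "unknown" rather than guessed; the host names and versions in the sample are constructed.

```python
# Added example (not from the advisory): triage FortiSIEM version strings
# against the affected and fixed versions this advisory lists for CVE-2023-36553.
from typing import Dict, Tuple

# Branches the advisory lists as affected in all versions.
AFFECTED_ALL = {(4, 7), (4, 9), (4, 10), (5, 0), (5, 1), (5, 2), (5, 3), (5, 4)}

# First fixed release per branch, from the Mitigations section.
FIXED_FROM = {
    (6, 4): (6, 4, 3),
    (6, 5): (6, 5, 2),
    (6, 6): (6, 6, 4),
    (6, 7): (6, 7, 6),
    (7, 0): (7, 0, 1),
}
# "7.1.0 or above": any release at or past this point is treated as fixed.
FIXED_FLOOR = (7, 1, 0)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor[.patch]' (e.g. '6.7.5'); a leading 'v' is tolerated."""
    parts = text.strip().lstrip("vV").split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiSIEM version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def assess(version: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for one FortiSIEM version."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in AFFECTED_ALL:
        return "affected"
    if (major, minor, patch) >= FIXED_FLOOR:
        return "fixed"
    fixed = FIXED_FROM.get(branch)
    if fixed is None:
        # Branch not named in this advisory: consult the Fortinet PSIRT entry.
        return "unknown"
    return "fixed" if (major, minor, patch) >= fixed else "affected"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> verdict for an inventory of {host: version_string}."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; not real hosts or observed versions.
    sample = {"siem-01": "5.4.0", "siem-02": "6.7.5", "siem-03": "7.0.1", "siem-04": "6.2.1"}
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```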
Additional Resources
https://www.fortiguard.com/psirt/FG-IR-23-135
https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-command-injection-bug-in-fortisiem/amp/