CVE-2023-36553

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 14, 2023

Updated: Nov 20, 2023

CWE ID 78

Summary

CVE-2023-36553 is a critical vulnerability affecting Fortinet FortiSIEM versions 5.3.0 through 5.4.0, 5.2.5 through 5.2.8, 5.2.1 through 5.2.2, 5.1.0 through 5.1.3, 5.0.0 through 5.0.1, 4.10.0, and 4.9.0, and 4.7.2. This issue allows an attacker to execute unauthorized code or commands by exploiting an os command injection vulnerability in crafted API requests. The vulnerability arises due to the FortiSIEM software's failure to properly neutralize special elements in os commands, enabling attackers to inject their own commands and potentially gain administrative access to the system. This vulnerability can lead to significant security risks, including system compromise and data theft, and Fortinet strongly advises users to upgrade to a patched version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

FortiSIEM

Affected Vendors

Fortinet

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners