Fortinet warns of critical command injection bug in FortiSIEM


Customers should be aware that Fortinet has discovered a serious OS command injection vulnerability in the FortiSIEM report server. This vulnerability could allow remote, unauthenticated attackers to execute commands by sending carefully constructed API requests. A complete cybersecurity solution called FortiSIEM gives businesses more visibility and precise control over their security posture.

It is utilized by companies of all sizes in the public, healthcare, financial, retail, e-commerce, and government domains. The vulnerability was identified earlier this week by Fortinet’s product security team, who have since tracked it as CVE-2023-36553 and given it a critical severity level of 9.3. Fortinet gave this vulnerability a preliminary score of 9.8, but temporal metrics—which measure the accessibility of exploits, patches, and workarounds—were not taken into account.

Read More…