The Information Highway

The Information Highway

Font size: +
2 minutes reading time (356 words)

Fortinet warns of critical command injection bug in FortiSIEM

Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests. 

FortiSIEM (Security Information and Event Management) is a comprehensive cybersecurity solution that provides organizations with enhanced visibility and granular control over their security posture. 

It is used in businesses of all sizes in the healthcare, financial, retail, e-commerce, government, and public sectors.

Variant of another OS command injection

Now tracked as CVE-2023-36553, Fortinet's product security team earlier this week discovered the flaw and assigned it a critical severity score of 9.3. The preliminary score that Fortinet assigned for this vulnerability is 9.8 but did not consider temporal metrics, which refer to availability of exploit techniques, patches or workarounds. 

"An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests." 

by Fortinet

The researchers say that CVE-2023-36553 is a variant of another critical-severity security issue identified as CVE-2023-34992 that was fixed in early October.

Improper neutralization issues arise when the software fails to sanitize input, such as special characters or control elements, before it is passed through an accepted OS command delivered to an interpreter.

In this case, the program takes API requests and passes them to the OS as a command to be executed, leading to dangerous scenarios like unauthorized data access, modification, or deletion.

Affected versions include FortiSIEM releases from 4.7 through 5.4. Fortinet urges system administrators to upgrade to versions 6.4.3, 6.5.2, 6.6.4, 6.7.6, 7.0.1, or 7.1.0 and later.

Attractive targets

Fortinet products include firewalls, endpoint security, and intrusion detection systems. These are often targeted by sophisticated, state-backed hacking groups, for access to an organization's network.

In 2023, various cybersecurity reports confirmed bugs in Fortinet products being exploited by Iranian hackers to attack U.S. aeronautical firms and Chinese cyber-espionage clusters [1, 2].

Additionally, there have been cases where hackers exploited zero-day vulnerabilities in Fortinet products to breach government networks, discovered after painstakingly reverse-engineering specific FortiGate OS components. 

Microsoft confirms Copilot AI assistant coming to ...
Ransomware gang files SEC complaint over victim’s ...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Saturday, 28 December 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023