Fortinet is warning customers of a critical OS command injection vulnerability in the FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands via specially crafted API requests.
FortiSIEM (Security Information and Event Management) is a comprehensive cybersecurity solution that gives organizations enhanced visibility and granular control over their security posture.
It is used by businesses of all sizes in the healthcare, financial, retail, e-commerce, government, and public sectors.
Variant of another OS command injection
Now tracked as CVE-2023-36553, the flaw was discovered earlier this week by Fortinet's product security team, which assigned it a critical severity score of 9.3. However, the U.S. National Institute of Standards and Technology (NIST) calculated a severity score of 9.8.
“An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.” – Fortinet
The researchers say that CVE-2023-36553 is a variant of another critical-severity security issue, tracked as CVE-2023-34992, that was fixed in early October.
Improper neutralization issues arise when software fails to sanitize input, such as special characters or control elements, before that input is embedded in an otherwise legitimate OS command and handed to a command interpreter.
In this case, the program takes values from API requests and passes them to the OS as part of a command to be executed, leading to dangerous outcomes such as unauthorized data access, modification, or deletion.
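To make the CWE-78 pattern concrete, here is an added illustration (not FortiSIEM code, and not derived from the advisory): a hypothetical report-export handler that builds a shell command from an API parameter, next to a hardened version that allowlists the value and passes it as a single argv element so no shell ever parses it. The report directory path and the `tar` invocation are assumptions for the example.

```python
import re
import subprocess
from typing import List

# Constructed example of an OS command injection (CWE-78) in an API handler.
# Assumed path and command; nothing here is taken from FortiSIEM.
REPORT_DIR = "/var/reports"
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")   # allowlist: plain identifiers only


def vulnerable_command(report_name: str) -> str:
    """Builds the string a naive handler would hand to subprocess with shell=True.

    Any shell metacharacter in report_name (; | & $( ) ` newline) becomes part
    of the command line, so the API caller decides what the shell executes.
    """
    return f"tar -czf {REPORT_DIR}/{report_name}.tgz {REPORT_DIR}/{report_name}"


def hardened_command(report_name: str) -> List[str]:
    """Neutralizes the input instead of trusting it.

    1. Allowlist validation: reject anything that is not a plain identifier.
    2. Return an argv list; subprocess.run(list) does not invoke a shell, so the
       value is delivered to tar as one argument and is never parsed as syntax.
    """
    if not SAFE_NAME.fullmatch(report_name):
        raise ValueError(f"invalid report name: {report_name!r}")
    return ["tar", "-czf", f"{REPORT_DIR}/{report_name}.tgz",
            f"{REPORT_DIR}/{report_name}"]


def run_report_export(report_name: str) -> subprocess.CompletedProcess:
    """Executes only the validated argv form (shell=False is the default for a list)."""
    return subprocess.run(hardened_command(report_name), check=False,
                          capture_output=True)


if __name__ == "__main__":
    crafted = "daily; id"                     # constructed hostile parameter value
    print(vulnerable_command(crafted))        # the ';' would reach the shell intact
    try:
        hardened_command(crafted)
    except ValueError as err:
        print("rejected:", err)               # hardened handler refuses the value
```

The same allowlist-plus-argv approach applies to any parameter that ends up in a command line; escaping alone is error-prone, and avoiding the shell removes the interpreter that makes the metacharacters dangerous.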
Affected versions include FortiSIEM releases from 4.7 through 5.4. Fortinet urges system administrators to upgrade to versions 6.4.3, 6.5.2, 6.6.4, 6.7.6, 7.0.1, or 7.1.0 and later.
Attractive targets
Fortinet products include firewalls, endpoint security, and intrusion detection systems. These are often targeted by sophisticated, state-backed hacking groups seeking access to an organization's network.
In 2023, various cybersecurity reports showed bugs in Fortinet products being exploited by Iranian hackers to attack U.S. aeronautical companies and by Chinese cyber-espionage clusters [1, 2].
Additionally, there have been cases where hackers exploited zero-day vulnerabilities in Fortinet products to breach government networks, flaws discovered after painstakingly reverse-engineering specific FortiGate OS components.