Fortinet is alerting clients of a important OS command injection vulnerability in FortiSIEM report server that may very well be exploited by distant, unauthenticated attackers to execute instructions by specifically crafted API requests.
FortiSIEM (Safety Info and Occasion Administration) is a complete cybersecurity resolution that gives organizations with enhanced visibility and granular management over their safety posture.
It’s utilized in companies of all sizes within the healthcare, monetary, retail, e-commerce, authorities, and public sectors.
Variant of one other OS command injection
Now tracked as CVE-2023-36553, Fortinet’s product safety staff earlier this week found the flaw and assigned it a important severity rating of 9.3. Nevertheless, the U.S. Nationwide Institute of Requirements and Know-how (NIST) calculated a severity rating of 9.8.
“An improper neutralization of particular components utilized in an OS Command vulnerability [CWE-78] in FortiSIEM report server could permit a distant unauthenticated attacker to execute unauthorized instructions by way of crafted API requests.” – Fortinet
The researchers say that CVE-2023-36553 is a variant of one other critical-severity safety concern recognized as CVE-2023-34992 that was mounted in early October.
Improper neutralization points come up when the software program fails to sanitize enter, corresponding to particular characters or management components, earlier than it’s handed by an accepted OS command delivered to an interpreter.
On this case, this system takes API requests and passes them to the OS as a command to be executed, resulting in harmful situations like unauthorized knowledge entry, modification, or deletion.
Affected variations embrace FortiSIEM releases from 4.7 by 5.4. Fortinet urges system directors to improve to variations 6.4.3, 6.5.2, 6.6.4, 6.7.6, 7.0.1, or 7.1.0 and later.
Enticing targets
Fortinet merchandise embrace firewalls, endpoint safety, and intrusion detection programs. These are sometimes focused by subtle, state-backed hacking teams, for entry to a company’s community.
In 2023, varied cybersecurity studies confirmed bugs in Fortinet merchandise being exploited by Iranian hackers to assault U.S. aeronautical companies and Chinese language cyber-espionage clusters [1, 2].
Moreover, there have been instances the place hackers exploited zero-day vulnerabilities in Fortinet merchandise to breach authorities networks, found after painstakingly reverse-engineering particular FortiGate OS elements.
