Arctic Wolf Security Bulletin

CVE-2023-36553: Critical OS Command Injection Vulnerability in FortiSIEM

On 14 November 2023, FortiGuard published an advisory disclosing that a critical command injection vulnerability (CVE-2023-36553) had been patched in the latest updates for FortiSIEM. The vulnerability carries a Common Vulnerability Scoring System (CVSS) score of 9.3 (critical), because it can be exploited remotely by an unauthenticated threat actor who sends crafted API requests to execute unauthorised commands. The root cause is improper neutralisation of special elements used in an OS command (CWE-78) in the FortiSIEM report server: attacker-controlled input from the API reaches a command that the server executes without being sanitised.
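The advisory describes the bug only at the level of its weakness class (OS command injection, CWE-78); the affected code path inside FortiSIEM's report server is not public and is not reproduced here. The following is an added illustration, not Fortinet's code, of what this class of bug looks like in an API handler and how the hardened form differs. Everything in it is constructed for the example: the handler names, the RENDER_SCRIPT stand-in for the program a report server might shell out to, the allowlist pattern and the test payload are all assumptions. It assumes a POSIX /bin/sh, which is what subprocess uses for shell=True on Linux.

```python
import re
import shlex
import subprocess
import sys

# Stand-in (constructed for this example) for the helper a report server
# might invoke to render a report: a one-liner that prints its argument.
RENDER_SCRIPT = "import sys; print('rendering report', sys.argv[1])"


def render_report_vulnerable(report_name: str) -> str:
    """CWE-78 pattern: the API-supplied name is interpolated into a command
    string that is handed to /bin/sh. Only the interpreter path is quoted;
    the caller-controlled part is not, so ';', '|', '$(...)' and friends in
    the API parameter are parsed by the shell as further commands."""
    cmd = f'{shlex.quote(sys.executable)} -c "{RENDER_SCRIPT}" {report_name}'
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


# Allowlist for report identifiers: letters, digits, '_', '.', '-', 1-64 chars.
# The pattern is an assumption for the example, not a FortiSIEM rule.
REPORT_NAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def render_report_argv_only(report_name: str) -> str:
    """Partial fix: argv list with shell=False. No shell parses the value, so
    metacharacters travel verbatim as a single argument. Still undesirable
    without validation, because the called program itself may interpret an
    argument (an option-looking value such as '--output=/etc/passwd')."""
    result = subprocess.run(
        [sys.executable, "-c", RENDER_SCRIPT, report_name],
        shell=False, capture_output=True, text=True, check=True,
    )
    return result.stdout


def render_report_hardened(report_name: str) -> str:
    """Hardened form: reject anything outside the allowlist, then pass the
    value as a discrete argv element with shell=False."""
    if not REPORT_NAME_RE.fullmatch(report_name):
        raise ValueError(f"invalid report name: {report_name!r}")
    return render_report_argv_only(report_name)


# Constructed test input: a benign report name followed by an injected command.
PAYLOAD = "weekly; echo INJECTED"

if __name__ == "__main__":
    print("vulnerable:", repr(render_report_vulnerable(PAYLOAD)))
    print("argv-only: ", repr(render_report_argv_only(PAYLOAD)))
    try:
        render_report_hardened(PAYLOAD)
    except ValueError as exc:
        print("hardened:   rejected ->", exc)
    print("hardened:  ", repr(render_report_hardened("weekly")))
```

Running the vulnerable handler with the payload produces a second output line, INJECTED, that the application never intended to emit; the argv-only variant prints the whole payload as one literal argument; the hardened variant refuses the payload before any process is started. The same two controls, no shell in the execution path and a strict allowlist on the parameter, are what a fix for a CWE-78 bug of this kind normally consists of.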

Fortinet products are an attractive target for threat actors because compromising them typically yields extensive access to the network behind them; the number of Fortinet vulnerabilities listed in CISA's Known Exploited Vulnerabilities Catalog shows how often they are targeted in practice. Their widespread deployment in enterprise networks worldwide also gives threat actors opportunities to target organisations across many industries. 

Recommendation for CVE-2023-36553

Upgrade FortiSIEM to a Fixed Version  

Arctic Wolf strongly recommends upgrading to the latest fixed versions of FortiSIEM.  

Product: Fortinet FortiSIEM 

Affected versions: 
  • 5.4 all versions 
  • 5.3 all versions 
  • 5.2 all versions 
  • 5.1 all versions 
  • 5.0 all versions 
  • 4.10 all versions 
  • 4.9 all versions 
  • 4.8 all versions 

Fixed versions (upgrade to): 
  • 7.1.0 or above 
  • 7.0.1 or above 
  • 6.7.6 or above 
  • 6.6.4 or above 
  • 6.5.2 or above 
  • 6.4.3 or above 
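To apply the table above across an inventory of FortiSIEM installations, the following added example (not Arctic Wolf's or Fortinet's tooling) encodes the affected branches and the minimum fixed release per branch exactly as listed, parses version strings into comparable tuples, and classifies each host. Note one nuance a manual check easily misses: the table lists 6.4 through 7.0 only under fixed versions, so a 6.x or 7.0.0 install below its branch's fixed release is not on the affected list yet is also not at a fixed version; the example reports those separately as "below-fixed" so they can be reviewed rather than silently marked safe. The host names and version strings in SAMPLE_INVENTORY are constructed for the example.

```python
import re
from typing import List, Tuple

Version = Tuple[int, int, int]

# Transcribed from the advisory table above: branches where every release is
# affected, and the minimum fixed release on each branch that has one.
AFFECTED_BRANCHES = {(5, 4), (5, 3), (5, 2), (5, 1), (5, 0), (4, 10), (4, 9), (4, 8)}
FIXED_MINIMUMS = {
    (7, 1): (7, 1, 0),
    (7, 0): (7, 0, 1),
    (6, 7): (6, 7, 6),
    (6, 6): (6, 6, 4),
    (6, 5): (6, 5, 2),
    (6, 4): (6, 4, 3),
}
NEWEST_FIXED = max(FIXED_MINIMUMS.values())  # (7, 1, 0)

# Accepts 'major.minor', 'major.minor.patch' and a trailing build suffix
# such as '6.4.2-build0512'; the suffix is ignored for comparison.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Version:
    """Parse a version string into a comparable (major, minor, patch) tuple;
    a missing patch level is treated as 0, so '6.7' becomes (6, 7, 0)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised FortiSIEM version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def assess(text: str) -> str:
    """Classify one version against the advisory table.

    'affected'    - branch listed as 'all versions' affected
    'fixed'       - at or above the fixed release for its branch, or newer
                    than the newest listed fixed release (7.1.0)
    'below-fixed' - branch has a fixed release but this build is older
    'unlisted'    - branch not covered by the table; confirm with the vendor
    """
    v = parse_version(text)
    branch = v[:2]
    if branch in AFFECTED_BRANCHES:
        return "affected"
    if branch in FIXED_MINIMUMS:
        return "fixed" if v >= FIXED_MINIMUMS[branch] else "below-fixed"
    if v >= NEWEST_FIXED:
        return "fixed"
    return "unlisted"


def needs_action(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, version, status) for every host that is not at a fixed
    release, so that 'affected', 'below-fixed' and 'unlisted' all surface."""
    report = []
    for host, version in inventory:
        status = assess(version)
        if status != "fixed":
            report.append((host, version, status))
    return report


# Constructed sample inventory for the example; not real hosts.
SAMPLE_INVENTORY = [
    ("siem-prod-01", "6.7.5"),
    ("siem-prod-02", "6.7.6"),
    ("siem-lab", "5.4.0"),
    ("siem-dr", "7.0.1"),
    ("siem-old", "6.4.2-build0512"),
]

if __name__ == "__main__":
    for host, version, status in needs_action(SAMPLE_INVENTORY):
        print(f"{host:<14} {version:<16} {status}")
```

Feed the function whatever version strings your asset inventory or the FortiSIEM GUI reports; anything classified "unlisted" (for instance a 6.x branch the table does not mention) should be checked against the vendor advisory rather than assumed safe.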

Please follow your organisation's patching and testing guidelines to avoid operational impact. 

References 

  1. FortiGuard Advisory 