CVE-2023-36553: Critical OS Command Injection Vulnerability in FortiSIEM

Share :

On 14 November 2023, FortiGuard published an advisory disclosing that a critical command injection vulnerability (CVE-2023-36553) had been patched in the latest updates for FortiSIEM. The vulnerability was rated with a Common Vulnerability Scoring System (CVSS) score of 9.3, as it can be exploited remotely by an unauthenticated threat actor using crafted API requests to execute unauthorised commands. This vulnerability is caused by improper neutralisation of special elements in FortiSIEM report server. 

Fortinet products present an appealing target for threat actors because of the extensive network access attainable upon system compromise, as evidenced by the numerous Fortinet vulnerabilities listed in CISA’s Known Exploited Vulnerabilities Catalog. Furthermore, their widespread use in enterprise networks worldwide provides threat actors with opportunities to target organisations across various industries. 

Recommendation for CVE-2023-36553

Upgrade FortiSIEM to Fixed Version  

Arctic Wolf strongly recommends upgrading to the latest fixed versions of FortiSIEM.  

Product  Affected Versions  Fixed versions 


Fortinet FortiSIEM 
  • 5.4 all versions 
  • 5.3 all versions 
  • 5.2 all versions 
  • 5.1 all versions 
  • 5.0 all versions 
  • 4.10 all versions 
  • 4.9 all versions 
  • 4.8 all versions 
  • 7.1.0 or above 
  • 7.0.1 or above 
  • 6.7.6 or above 
  • 6.6.4 or above 
  • 6.5.2 or above 
  • 6.4.3 or above 


Please follow your organisations patching and testing guidelines to avoid operational impact. 


  1. FortiGuard Advisory 
Picture of Andres Ramos

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.
Share :
Table of Contents