CVE-2023-36553

Summary

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows attacker to execute unauthorized code or commands via crafted API requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSIEM5.4.0affected
FortinetFortiSIEM5.3.0 <= 5.3.3affected
FortinetFortiSIEM5.2.5 <= 5.2.8affected
FortinetFortiSIEM5.2.1 <= 5.2.2affected
FortinetFortiSIEM5.1.0 <= 5.1.3affected
FortinetFortiSIEM5.0.0 <= 5.0.1affected
FortinetFortiSIEM4.10.0affected
FortinetFortiSIEM4.9.0affected
FortinetFortiSIEM4.7.2affected

Weaknesses

  • CWE-78: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References