Fortinet is alerting customers to a critical OS command injection vulnerability in the FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests.

FortiSIEM is a comprehensive cybersecurity solution that provides organizations with enhanced visibility and granular control over their security posture. It is used by businesses of all sizes in the healthcare, financial, retail, e-commerce, government, and public sectors.

The flaw, now tracked as CVE-2023-36553, was discovered earlier this week by Fortinet's product security team, which assigned it a critical severity score of 9.3. The U.S. National Institute of Standards and Technology calculated a severity score of 9.8.

"An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests." - Fortinet.

The researchers say that CVE-2023-36553 is a variant of another critical-severity security issue, identified as CVE-2023-34992, that was fixed in early October.

Improper neutralization issues arise when software fails to sanitize input, such as special characters or control elements, before incorporating it into an OS command that is handed to an interpreter. In this case, the program takes API requests and passes them to the OS as a command to be executed, leading to dangerous scenarios like unauthorized data access, modification, or deletion.

Affected versions include FortiSIEM releases from 4.7 through 5.4. Fortinet urges system administrators to upgrade to versions 6.4.3, 6.5.2, 6.6.4, 6.7.6, 7.0.1, or 7.1.0 and later.

Fortinet products include firewalls, endpoint security, and intrusion detection systems. These are often targeted by sophisticated, state-backed hacking groups seeking access to an organization's network.
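The injection pattern described above, as an added example that is not Fortinet's code and says nothing about how the FortiSIEM report server is actually implemented: a hypothetical report handler written the vulnerable way beside its hardened form, plus a check a defender could run over API access logs. The tool path, the `name` parameter and the log format are constructed for the example.

```python
import re
import subprocess

# Hypothetical path of a report-generation helper; constructed for this example.
REPORT_TOOL = "/opt/report/bin/gen_report"

# Characters that let a value break out of its intended argument once a shell parses it.
SHELL_METACHARS = set(";&|`$()<>\n\\\"'")

# Allow-list for report names: the hardened handler accepts nothing outside this.
REPORT_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

def build_command_unsafe(report_name: str) -> str:
    """Vulnerable pattern (CWE-78): the API parameter is spliced into one shell
    string, so any metacharacter in it rewrites the command that actually runs."""
    return f"{REPORT_TOOL} --name {report_name} --format pdf"

def is_valid_report_name(report_name: str) -> bool:
    return REPORT_NAME_RE.fullmatch(report_name) is not None

def build_command_safe(report_name: str) -> list[str]:
    """Hardened form: reject anything off the allow-list, then pass the value as
    a single argv element so no shell ever interprets it."""
    if not is_valid_report_name(report_name):
        raise ValueError(f"rejected report name: {report_name!r}")
    return [REPORT_TOOL, "--name", report_name, "--format", "pdf"]

def run_report(report_name: str, executable: str = REPORT_TOOL) -> str:
    """Run the hardened command with shell=False; `executable` lets the example
    be exercised against a stand-in such as echo instead of the real tool."""
    argv = build_command_safe(report_name)
    argv[0] = executable
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout

# Constructed API access-log lines (query values shown already URL-decoded).
SAMPLE_LOG = [
    "2023-11-30T10:00:01Z POST /api/report name=weekly status=200",
    "2023-11-30T10:00:07Z POST /api/report name=weekly;x status=200",
]

def suspicious_api_values(log_lines: list[str]) -> list[str]:
    """Detection side: return log lines whose `name` parameter carries shell
    metacharacters, i.e. requests worth reviewing on a not-yet-patched host."""
    hits = []
    for line in log_lines:
        match = re.search(r"name=(\S*)", line)
        if match and set(match.group(1)) & SHELL_METACHARS:
            hits.append(line)
    return hits
```

`run_report("weekly", executable="echo")` shows the hardened path handing the value to the process as one argument, while `build_command_unsafe("weekly;x")` shows the string a shell would have to parse in the vulnerable version.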
In 2023, various cybersecurity reports confirmed bugs in Fortinet products being exploited by Iranian hackers to attack U.S. aeronautical firms, and by Chinese cyber-espionage clusters [1, 2]. Additionally, there have been cases where hackers exploited zero-day vulnerabilities in Fortinet products to breach government networks, discovered after painstakingly reverse-engineering specific FortiGate OS components.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000