The US cybersecurity agency CISA updated its Known Exploited Vulnerabilities (KEV) catalog on Thursday to include flaws in Sophos, Oracle, and Microsoft products. Among these vulnerabilities, Fortinet disclosed a critical OS command injection vulnerability within the FortiSIEM report server, potentially enabling remote attackers to execute malicious commands via crafted API requests.
FortiSIEM, Fortinet’s security information and event management (SIEM) solution, play a crucial role in identifying both insider and incoming threats that may bypass standard defenses. The advisory from Fortinet warns of an “improper neutralization of special elements used in an OS Command vulnerability [CWE-78]” within the FortiSIEM report server, tracked as CVE-2023-36553, with a CVSS Score of 9.3. This vulnerability allows unauthorized execution of commands through manipulated API requests.
Moreover, this critical vulnerability (CVE-2023-36553) is identified as a variant of CVE-2023-34992, previously addressed in October. Versions 7.0.0, 6.7.0 through 6.7.5, 6.6.0 through 6.6.3, 6.5.0 through 6.5.1, and 6.4.0 through 6.4.2 of FortiSIEM are susceptible to this flaw, potentially enabling unauthorized code execution or command execution through crafted API requests due to improper input sanitization. Such vulnerabilities increase the risk of unauthorized data access, modification, and deletion through API requests.
In addition to Fortinet’s disclosure, the software and appliance manufacturer has addressed security vulnerabilities across various products. These include SQL injections and opportunities for attackers to execute arbitrary commands on the company’s appliances. Fortinet has released updates for all affected products, advising administrators to install them promptly.
The vulnerabilities in FortiOS and FortiProxy, including insufficient integrity checks leading to potential exploits on VM images of the firewall, are highlighted. Fortinet maintains the original CVE-ID CVE-2023-38545 for these vulnerabilities, with CVSSv3 scores slightly lower than those provided by the cURL project. Updates are available for vulnerable versions, addressing these issues.
Furthermore, Fortinet addressed vulnerabilities in FortiClient, a Windows software ensuring compliance with corporate policies, which allowed DLL hijacking and arbitrary file deletion. Updates have been provided to mitigate these risks.
Fortinet’s own FortiSIEM revealed a security flaw allowing arbitrary command execution via API requests, with versions 4.7 through 5.4 affected. Upgrading to versions starting from 6.4.3 resolves this issue.
Additionally, in FortiWLM, Fortinet fixed critical SQL injection and file path manipulation vulnerabilities reported by security researchers, along with other security issues across FortiADC and FortiDDoS-F products.
The comprehensive updates from Fortinet aim to mitigate these vulnerabilities, ensuring the security and integrity of their products amidst evolving cyber threats. Administrators are strongly advised to apply these patches promptly to safeguard their systems and data.