What is CVE-2023-36553?

CVE-2023-36553 is a vulnerability that allows an attacker to execute arbitrary commands on Fortinet FortiSIEM versions 4.7.2 through 5.4.0.

How severe is CVE-2023-36553?

CVE-2023-36553 has a severity rating of 9.3, which is considered critical.

Which software versions are affected by CVE-2023-36553?

Fortinet FortiSIEM versions 4.7.2 through 5.4.0 are affected by CVE-2023-36553.

Is there a fix for CVE-2023-36553?

Yes, Fortinet has released patches to fix CVE-2023-36553. Please refer to their official website for more details.

Where can I find more information about CVE-2023-36553?

You can find more information about CVE-2023-36553 on Fortinet's official website.

Vulnerability/
CVE-2023-36553

critical

9.8

CWE

78 77

14/11/2023

22/10/2024

CVE-2023-36553: OS Command Injection

First published: Tue Nov 14 2023(Updated: )

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows attacker to execute unauthorized code or commands via crafted API requests.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiSIEM	>=5.1.0<=5.1.3
Fortinet FortiSIEM	=4.7.2
Fortinet FortiSIEM	=4.9.0
Fortinet FortiSIEM	=4.10.0
Fortinet FortiSIEM	=5.0.0
Fortinet FortiSIEM	=5.0.1
Fortinet FortiSIEM	=5.2.1
Fortinet FortiSIEM	=5.2.2
Fortinet FortiSIEM	=5.2.5
Fortinet FortiSIEM	=5.2.6
Fortinet FortiSIEM	=5.2.7
Fortinet FortiSIEM	=5.2.8
Fortinet FortiSIEM	=5.3.0
Fortinet FortiSIEM	=5.3.1
Fortinet FortiSIEM	=5.3.2
Fortinet FortiSIEM	=5.3.3
Fortinet FortiSIEM	=5.4.0
Fortinet FortiSIEM

Remedy

Please upgrade to FortiSIEM version 7.1.0 or above Please upgrade to FortiSIEM version 7.0.1 or above Please upgrade to FortiSIEM version 6.7.6 or above Please upgrade to FortiSIEM version 6.6.4 or above Please upgrade to FortiSIEM version 6.5.2 or above Please upgrade to FortiSIEM version 6.4.3 or above

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2023-36553?
CVE-2023-36553 is a vulnerability that allows an attacker to execute arbitrary commands on Fortinet FortiSIEM versions 4.7.2 through 5.4.0.
How severe is CVE-2023-36553?
CVE-2023-36553 has a severity rating of 9.3, which is considered critical.
Which software versions are affected by CVE-2023-36553?
Fortinet FortiSIEM versions 4.7.2 through 5.4.0 are affected by CVE-2023-36553.
Is there a fix for CVE-2023-36553?
Yes, Fortinet has released patches to fix CVE-2023-36553. Please refer to their official website for more details.
Where can I find more information about CVE-2023-36553?
You can find more information about CVE-2023-36553 on Fortinet's official website.

collector/nvd-api
agent/weakness
agent/last-modified-date
agent/type
agent/first-publish-date
collector/bleeping-computer
source/BleepingComputer
alias/CVE-2024-23108
alias/CVE-2024-23109
alias/CVE-2023-34992
alias/CVE-2023-36553
agent/remedy
agent/severity
agent/author
agent/references
agent/description
agent/event
agent/news-ai
agent/software-canonical-lookup
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
vendor/fortinet
canonical/fortinet fortisiem
version/fortinet fortisiem/5.1.0
version/fortinet fortisiem/5.1.3
version/fortinet fortisiem/4.7.2
version/fortinet fortisiem/4.9.0
version/fortinet fortisiem/4.10.0
version/fortinet fortisiem/5.0.0
version/fortinet fortisiem/5.0.1
version/fortinet fortisiem/5.2.1
version/fortinet fortisiem/5.2.2
version/fortinet fortisiem/5.2.5
version/fortinet fortisiem/5.2.6
version/fortinet fortisiem/5.2.7
version/fortinet fortisiem/5.2.8
version/fortinet fortisiem/5.3.0
version/fortinet fortisiem/5.3.1
version/fortinet fortisiem/5.3.2
version/fortinet fortisiem/5.3.3
version/fortinet fortisiem/5.4.0