{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2023-092.pdf"
    },
    "title": "Critical vulnerability in FortiSIEM",
    "serial_number": "2023-092",
    "publish_date": "21-11-2023 08:07:34",
    "description": "On November 14, Fortinet released an advisory regarding a critical vulnerability affecting FortiSIEM which may allow a remote unauthenticated attacker to execute unauthorised commands via crafted API requests.<br>\n",
    "url_title": "2023-092",
    "content_markdown": "---\ntitle: 'Critical vulnerability in FortiSIEM'\nnumber: '2023-092'\nversion: '1.1'\noriginal_date: 'November 14, 2023'\ndate: 'November 21, 2023'\n---\n\n_History:_\n\n* _20/11/2023 --- v1.0 -- Initial publication_\n* _21/11/2023 --- v1.1 -- Correction of the CVE ID_\n\n# Summary\n\nOn November 14, Fortinet released an advisory regarding a critical vulnerability affecting FortiSIEM which may allow a remote unauthenticated attacker to execute unauthorised commands via crafted API requests [1].\n\n# Technical Details\n\nThe vulnerability `CVE-2023-36553`, with a CVSS score of 9.3 out of 10, is due to an improper neutralisation of special elements in the FortiSIEM report server. The exploitation of this vulnerability by a remote unauthenticated attacker could lead to the execution of unauthorised commands via crafted API requests.\n\n# Affected Products\n\nThis vulnerability affects:\n\n- FortiSIEM 5.4 all versions;\n- FortiSIEM 5.3 all versions;\n- FortiSIEM 5.2 all versions;\n- FortiSIEM 5.1 all versions;\n- FortiSIEM 5.0 all versions;\n- FortiSIEM 4.10 all versions;\n- FortiSIEM 4.9 all versions;\n- FortiSIEM 4.7 all versions.\n\n# Recommendations\n\nIt is recommended to update as soon as possible [1].\n\n# References\n\n[1] <https://www.fortiguard.com/psirt/FG-IR-23-135>",
    "content_html": "<p><em>History:</em></p><ul><li><em>20/11/2023 --- v1.0 -- Initial publication</em></li><li><em>21/11/2023 --- v1.1 -- Correction of the CVE ID</em></li></ul><h2 id=\"summary\">Summary</h2><p>On November 14, Fortinet released an advisory regarding a critical vulnerability affecting FortiSIEM which may allow a remote unauthenticated attacker to execute unauthorised commands via crafted API requests [1].</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <code>CVE-2023-36553</code>, with a CVSS score of 9.3 out of 10, is due to an improper neutralisation of special elements in the FortiSIEM report server. The exploitation of this vulnerability by a remote unauthenticated attacker could lead to the execution of unauthorised commands via crafted API requests.</p><h2 id=\"affected-products\">Affected Products</h2><p>This vulnerability affects:</p><ul><li>FortiSIEM 5.4 all versions;</li><li>FortiSIEM 5.3 all versions;</li><li>FortiSIEM 5.2 all versions;</li><li>FortiSIEM 5.1 all versions;</li><li>FortiSIEM 5.0 all versions;</li><li>FortiSIEM 4.10 all versions;</li><li>FortiSIEM 4.9 all versions;</li><li>FortiSIEM 4.7 all versions.</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended to update as soon as possible [1].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.fortiguard.com/psirt/FG-IR-23-135\">https://www.fortiguard.com/psirt/FG-IR-23-135</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}