An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API requests.
The vulnerability results from improper neutralization of special characters in data passed to operating system commands (CWE-78). An attacker can send specially crafted API requests to the vulnerable FortiSIEM system, which contain malicious elements that are subsequently interpreted as system commands. The lack of authentication requirement and network attack vector allow the exploit to be carried out by anyone with access to the product's API interface.
An attacker can execute unauthorized code or system commands on the server, which in practice means complete takeover of the device, potential breach of data confidentiality and integrity, and service unavailability.
Apply patches available from the vendor in accordance with references published by Fortinet at https://fortiguard.com/psirt/FG-IR-23-130. Until the update is deployed, it is recommended to restrict access to the FortiSIEM API interface only to trusted IP addresses.
Fortinet FortiSIEM — versions indicated in vendor references (https://fortiguard.com/psirt/FG-IR-23-130)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HFortinet Fortisiem
APPFortinet7.1.07.1.16.6.0 – 6.6.36.4.0 – 6.4.27.0.0 – 7.0.26.7.0 – 6.7.86.5.0 – 6.5.2
Related vulnerabilities
Command injection w Fortinet FortiSIEM — RCE przez TCP
Krytyczny pre-auth command injection w Fortinet FortiSIEM (RCE)
Path Traversal w Fortinet FortiSIEM umożliwiający eskalację uprawnień
Command injection w Fortinet FortiSIEM — nieautoryzowane wykonanie kodu przez API
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet Forti...