An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.
The vulnerability results from improper neutralization of special characters in operating system commands processed by the FortiSIEM CLI interface. An attacker can send crafted CLI requests containing malicious payload, which is passed directly to the system command interpreter without proper input sanitization. The complete absence of authentication requirement (Auth Bypass) means that the exploit can be conducted by any person with network access to the device.
Successful exploitation of the vulnerability allows an attacker to remotely execute arbitrary system commands (RCE) with FortiSIEM process privilege level, which can lead to full system takeover, data breach, configuration modification, or further lateral movement in the victim's network.
Patches available from the vendor must be applied immediately in accordance with the official Fortinet security advisory (FG-IR-25-152) at https://fortiguard.fortinet.com/psirt/FG-IR-25-152. Until the update is deployed, it is recommended to restrict access to the FortiSIEM CLI interface only to trusted IP addresses at the firewall level and implement network segmentation.
Fortinet FortiSIEM versions: 7.3.0–7.3.1, 7.2.0–7.2.5, 7.1.0–7.1.7, 7.0.0–7.0.3, and all versions earlier than 6.7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Fortisiem
APPFortinet5.4.0 – 6.7.10 (bez)7.0.0 – 7.0.4 (bez)7.1.0 – 7.1.8 (bez)7.2.0 – 7.2.6 (bez)7.3.0 – 7.3.2 (bez)
Related vulnerabilities
Command injection w Fortinet FortiSIEM — RCE przez TCP
Path Traversal w Fortinet FortiSIEM umożliwiający eskalację uprawnień
Command Injection w Fortinet FortiSIEM umożliwiający zdalne wykonanie kodu
Command injection w Fortinet FortiSIEM — nieautoryzowane wykonanie kodu przez API
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet Forti...