An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.
The vulnerability results from improper neutralization of special characters used in operating system commands (CWE-78). An attacker sends specially crafted TCP requests to the vulnerable FortiSIEM system, which contain malicious payloads with embedded OS commands. The lack of proper input validation causes the transmitted commands to be executed by the system with the privileges of the request-handling process.
An attacker can remotely execute arbitrary code or system commands on the FortiSIEM server without requiring any privileges, which can lead to complete system takeover, loss of data confidentiality, violation of integrity, and service unavailability.
Apply patches available from the vendor according to the references (https://fortiguard.fortinet.com/psirt/FG-IR-25-772). Until the fix is implemented, it is recommended to restrict network access to TCP ports used by FortiSIEM to trusted hosts only and monitor anomalies in network traffic directed to the system.
Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0–7.3.4, FortiSIEM 7.1.0–7.1.8, FortiSIEM 7.0.0–7.0.4, FortiSIEM 6.7.0–6.7.10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Fortisiem
APPFortinet7.4.06.7.0 – 7.1.9 (bez)7.2.0 – 7.2.7 (bez)7.3.0 – 7.3.5 (bez)
Related vulnerabilities
Krytyczny pre-auth command injection w Fortinet FortiSIEM (RCE)
Path Traversal w Fortinet FortiSIEM umożliwiający eskalację uprawnień
Command Injection w Fortinet FortiSIEM umożliwiający zdalne wykonanie kodu
Command injection w Fortinet FortiSIEM — nieautoryzowane wykonanie kodu przez API
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet Forti...