"A Critical OS Command Injection Flaw Affects Fortinet FortiSIEM"

Fortinet is warning customers about a critical operating system command injection vulnerability, tracked as CVE-2023-36553 with a CVSS score of 9.3, in the FortiSIEM report server. A remote, unauthenticated attacker can use the flaw to execute commands by sending specially crafted Application Programming Interface (API) requests. FortiSIEM is Fortinet's Security Information and Event Management (SIEM) solution that collects, aggregates, and correlates log data from various sources within a network. This article continues to discuss the potential exploitation and impact of the critical operating system command injection vulnerability in the FortiSIEM report server.

Security Affairs reports "A Critical OS Command Injection Flaw Affects Fortinet FortiSIEM"

Submitted by grigby1
