CVE-2023-36553

CWE-78OS Command Injection5 documents5 sources
Severity
9.8CRITICAL
EPSS
1.8%
top 17.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortisiem
Timeline
PublishedNov 14

Description

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows attacker to execute unauthorized code or commands via crafted API requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5fortinet/fortisiem5.3.05.3.3+8
NVDfortinet/fortisiem5.1.05.1.3+16

🔴Vulnerability Details

2
GHSA
GHSA-8m44-cmv2-wgmg: A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 52023-11-14
CVEList
CVE-2023-36553: A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 52023-11-14

📋Vendor Advisories

1
Fortinet
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM versi...2023-11-14
CVE-2023-36553 (CRITICAL CVSS 9.8) | A improper neutralization of specia | cvebase.io