Executive Risk Summary
"A vulnerability in Fortinet FortiSIEM versions 5.4.0, 5.3.0-5.3.3, 5.2.5-5.2.8, 5.2.1-5.2.2, 5.1.0-5.1.3, 5.0.0-5.0.1, 4.10.0, 4.9.0, and 4.7.2 allows attackers to execute unauthorized code or commands via crafted API requests, potentially leading to code injection and system compromise. This vulnerability, tracked as CVE-2023-36553, poses a significant risk to the security and integrity of affected systems."
Operational Audit Arsenal
Manual Verification Required
This is a non-Windows asset (Fortinet). Use the target asset details above to verify your version against vendor advisories.
Patch Impact Forecast
Moderate to High
Internal Work Notes
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Scope of Impact
Original NVD Description
"A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows attacker to execute unauthorized code or commands via crafted API requests."