Critical Vulnerability in Fortinet’s FortiSIEM Product
17 November 2023
Fortinet has released security updates to address a critical vulnerability (CVE-2023-36553) in its FortiSIEM report server.
Successful exploitation of the OS command injection vulnerability could allow a remote unauthenticated attacker to execute commands through specially crafted API requests.
The vulnerability affects products that use FortiSIEM versions from 4.7 through 5.4 inclusive.
Users and administrators of affected product versions are advised to upgrade to the latest versions immediately.
More information is available at:
https://www.fortiguard.com/psirt/FG-IR-23-135
https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-command-injection-bug-in-fortisiem/