CVE-2023-40723 – This vulnerability in Fortinet FortiSIEM allows... (How to Fix)

Q: What is the severity of CVE-2023-40723?

CVE-2023-40723 has a CVSS score of 8.1 (HIGH). This vulnerability in Fortinet FortiSIEM allows attackers to execute unauthorized code or commands via API requests, potentially leading to full system compromise. It affects multiple versions across the FortiSIEM product line, exposing sensitive information to unauthorized actors.

📋 TL;DR

This vulnerability in Fortinet FortiSIEM allows attackers to execute unauthorized code or commands via API requests, potentially leading to full system compromise. It affects multiple versions across the FortiSIEM product line, exposing sensitive information to unauthorized actors.

💻 Affected Systems

Products:

Fortinet FortiSIEM

Versions: 6.7.0-6.7.4, 6.6.0-6.6.3, 6.5.0-6.5.1, 6.4.0-6.4.2, 6.3.0-6.3.3, 6.2.0-6.2.1, 6.1.0-6.1.2, 5.4.0, 5.3.0-5.3.3, 5.2.5-5.2.8, 5.2.1-5.2.2, 5.1.0-5.1.3

Operating Systems: FortiSIEM appliance OS

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected versions are vulnerable. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system takeover with attacker gaining administrative privileges, data exfiltration, and persistent backdoor installation.

🟠

Likely Case

Unauthorized command execution leading to data exposure, privilege escalation, and lateral movement within the network.

🟢

If Mitigated

Limited impact with proper network segmentation, API access controls, and monitoring detecting anomalous API requests.

🌐 Internet-Facing: HIGH - If FortiSIEM API is exposed to the internet, attackers can directly exploit without internal access.

🏢 Internal Only: HIGH - Even internally, attackers with network access can exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires API access but no authentication. Attackers need network access to the FortiSIEM API endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Upgrade to FortiSIEM 6.7.5 or later, or apply vendor-provided patches for affected versions

Vendor Advisory: https://fortiguard.com/psirt/FG-IR-23-117

Restart Required: No

Instructions:

1. Review Fortinet advisory FG-IR-23-117. 2. Download appropriate patch from Fortinet support portal. 3. Apply patch following vendor instructions. 4. Verify patch application and system functionality.

🔧 Temporary Workarounds

Restrict API Access

all

Limit network access to FortiSIEM API endpoints using firewall rules or network segmentation

Monitor API Activity

all

Implement enhanced logging and monitoring of all API requests to FortiSIEM

🧯 If You Can't Patch

Implement strict network segmentation to isolate FortiSIEM from untrusted networks
Deploy web application firewall (WAF) with specific rules to block malicious API requests

🔍 How to Verify

Check if Vulnerable:

Check FortiSIEM version via web interface or CLI. If version matches affected range, system is vulnerable.

Check Version:

ssh admin@fortisiem-host 'show version' or check via web interface under System > Status

Verify Fix Applied:

Verify version is updated to patched version (6.7.5+ or vendor-provided patch version). Test API functionality remains operational.

📡 Detection & Monitoring

Log Indicators:

Unusual API request patterns
Unauthorized command execution attempts
Abnormal process creation from FortiSIEM services

Network Indicators:

Suspicious traffic to FortiSIEM API ports (typically 443)
Unusual outbound connections from FortiSIEM system

SIEM Query:

source="fortisiem" AND (event_type="api_request" AND (method="POST" OR method="PUT") AND (uri CONTAINS "/api/" AND NOT user_agent="normal-client"))

📊 Metadata

CVE ID: CVE-2023-40723

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-200

EPSS Score: 0.15% exploit probability (34.9th percentile)

Published: March 11, 2025

Last Updated: July 22, 2025

🔗 References

https://fortiguard.com/psirt/FG-IR-23-117 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-40723, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fortisiem by Fortinet

Fortisiem by Fortinet

Fortisiem by Fortinet

Fortisiem by Fortinet

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict API Access

Monitor API Activity

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities