Title: Multiple Critical Vulnerabilities Found in FortiSIEM; Fortinet Urges Users to Upgrade
FortiSIEM, Fortinet's security information and event management (SIEM) product, has been found to contain multiple OS command injection vulnerabilities. Tracked as CVE-2024-23108 and CVE-2024-23109, they allow a remote attacker to execute arbitrary commands on the FortiSIEM host by sending crafted API requests. Both are rated critical.
FortiGuard, Fortinet's security team, has addressed the issues and published a security advisory urging customers to upgrade to a fixed FortiSIEM release before the flaws are exploited.
Note that the advisory link Fortinet provided for further details currently redirects to an older FortiSIEM issue that was already fixed in early October 2023, not to a write-up of the new CVEs. Until the advisory is updated, administrators should rely on the version list below and on other sources rather than on that link.
Both vulnerabilities are classified as CWE-78, "Improper Neutralization of Special Elements used in an OS Command" (OS command injection). The affected FortiSIEM versions are 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2, and 6.4.0 through 6.4.2.
A remote, unauthenticated attacker who can reach the FortiSIEM API can use a specially crafted request to run arbitrary code or commands on the appliance. Zach Hanley of Horizon3.ai is credited with discovering both flaws, which carry a reported CVSS score of 10.0.
The two new CVEs are related to an earlier OS command injection vulnerability in FortiSIEM, CVE-2023-34992, which Fortinet patched in October 2023 and which was rated 9.8 (critical). That flaw likewise let an unauthenticated attacker execute arbitrary code or commands through crafted API requests; the 2024 CVEs are variants of it, which is why the redirected advisory link above lands on the older, already-fixed issue.
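The weakness behind all three CVEs is CWE-78: an attacker-controlled value from an API request ends up inside a command the service hands to a shell. The following is an added, constructed illustration of that weakness class and of the two fixes a code reviewer looks for; it is not FortiSIEM code, and the "host" parameter, the `printf` diagnostic command and the `INJECTED` marker are assumptions chosen so the example runs offline on any POSIX system.

```python
import re
import subprocess

# Constructed illustration of CWE-78 (OS command injection), the weakness class
# behind the FortiSIEM CVEs discussed above. This is NOT FortiSIEM code: the
# "host" API parameter and the diagnostic command are invented stand-ins.

# Allow-list for the one parameter this endpoint accepts (assumed policy:
# hostnames and IPv4 literals only, so no shell metacharacter can pass).
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.\-]{0,252}")


def is_allowed_host(host: str) -> bool:
    """True only if the whole value matches the allow-list pattern."""
    return HOST_RE.fullmatch(host) is not None


def vulnerable_handler(host: str) -> str:
    """BAD: the untrusted API value is spliced into a shell command string.

    A value such as "127.0.0.1; echo INJECTED" makes /bin/sh run a second,
    attacker-chosen command after the intended one.
    """
    cmd = f"printf 'diag %s\\n' {host}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


def argv_only_handler(host: str) -> str:
    """BETTER: no shell. The value is a single argv element, so ';' is just a
    byte inside an argument and cannot start a new command."""
    proc = subprocess.run(["printf", "diag %s\n", host],
                          capture_output=True, text=True)
    return proc.stdout


def hardened_handler(host: str) -> str:
    """GOOD: allow-list first, then argv without a shell (defence in depth)."""
    if not is_allowed_host(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return argv_only_handler(host)


def injection_succeeded(output: str) -> bool:
    """Reports whether the injected 'echo INJECTED' ran as its own command:
    only then does INJECTED appear as a line by itself in the output."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    payload = "127.0.0.1; echo INJECTED"  # constructed attack value
    print("vulnerable handler executed injected command:",
          injection_succeeded(vulnerable_handler(payload)))
    print("argv-only handler executed injected command:",
          injection_succeeded(argv_only_handler(payload)))
    print("hardened handler accepts payload:", is_allowed_host(payload))
    print(hardened_handler("127.0.0.1"), end="")
```

Removing the shell is what actually closes the injection; the allow-list is the second layer that also rejects values that would be harmful to the invoked program itself (for example, option-looking strings). When auditing a fix for a command injection CVE, check for both: an advisory that only adds character filtering, with `shell=True` or a `system()`-style call still in place, is the kind of incomplete fix that produces follow-up CVEs.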
Fortinet has published the affected FortiSIEM versions together with the corresponding fixed releases. Administrators should compare the installed version of every FortiSIEM node against that list and upgrade any appliance in an affected range to the fixed release for its branch.
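Comparing a fleet against the ranges above is easy to get wrong by hand when several branches are in play. The script below is an added example, not from Fortinet or the article, that encodes the affected ranges listed on this page and triages a constructed inventory against them. The hostnames, the version strings and the assumed "N.N.N (build ...)" suffix format are made up; versions outside every listed range are reported as "not listed" rather than "safe", because the page enumerates only the affected ranges and the fixed releases must still be taken from Fortinet's table.

```python
import re

# Affected FortiSIEM version ranges exactly as listed in the advisory summary
# above (inclusive lower and upper bounds). Not a fixed-version table.
AFFECTED_RANGES = [
    ((7, 1, 0), (7, 1, 1)),
    ((7, 0, 0), (7, 0, 2)),
    ((6, 7, 0), (6, 7, 8)),
    ((6, 6, 0), (6, 6, 3)),
    ((6, 5, 0), (6, 5, 2)),
    ((6, 4, 0), (6, 4, 2)),
]

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[int, ...]:
    """Extract major.minor.patch from the start of a version string.

    Assumption: anything after the third number (such as a build suffix) is
    ignored, because the advisory ranges are expressed at patch granularity.
    """
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def classify(version: str) -> str:
    """Return 'affected' if the version is inside a listed range, else
    'not listed'. 'not listed' is deliberately not called 'safe': the page
    only enumerates affected ranges, so anything outside them (older branches,
    or a typo'd version) still needs checking against the vendor's table."""
    v = parse_version(version)
    if any(lo <= v <= hi for lo, hi in AFFECTED_RANGES):
        return "affected"
    return "not listed"


def triage(inventory: dict[str, str]) -> list[str]:
    """Return, sorted, the hosts whose reported version is in an affected range."""
    return sorted(host for host, ver in inventory.items()
                  if classify(ver) == "affected")


# Constructed sample inventory: hostnames, versions and build suffix are made up.
SAMPLE_INVENTORY = {
    "siem-prod-01": "7.1.1",
    "siem-prod-02": "7.1.2",
    "siem-dr-01": "6.7.8",
    "siem-lab-01": "6.7.9 (build 1234)",
    "siem-legacy": "6.3.5",
}

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY.items():
        print(f"{host:14} {ver:20} {classify(ver)}")
    print("upgrade required:", ", ".join(triage(SAMPLE_INVENTORY)))
```

Run it against the version strings pulled from each FortiSIEM node (for example from the web UI's About page or the appliance CLI) and feed the "affected" hosts into the change process. Treat "not listed" results for branches older than 6.4 as a prompt to check the vendor's support status, not as a pass.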