Two New FortiSIEM max-severity Flaw Let Attackers Execute Remote Code

FortiSIEM has been discovered with multiple OS command injection vulnerabilities, which could allow an unauthenticated remote threat actor to execute unauthorized commands on FortiSIEM via crafted API requests.

The CVEs for these vulnerabilities have been assigned with CVE-2024-23108 and CVE-2024-23109. The severity of these vulnerabilities was given as critical (>=9.8). However, Fortiguard has fixed all the vulnerabilities.

Fortinet has provided a link to its own advisory to furnish additional information. However, when users attempt to access the link, they are directed to an outdated issue that was previously addressed in early October 2023. It is recommended that users seek alternative sources of information until an updated advisory is made available.

Document
Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

CVE-2024-23108 & CVE-2024-23109: Improper Neutralization of Special Elements

These vulnerabilities exist due to an improper neutralization in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2. 

These vulnerabilities will allow a threat actor to execute unauthorized code or commands through specially crafted API requests. These vulnerabilities were credited to Zach Hanley from Horizon3.ai. The severity for these vulnerabilities was given as 10.0 (Critical).

CVE-2023-34992: Improper Neutralization of Special Elements

This vulnerability was also related to an OS command injection in Fortinet FortiSIEM that could allow an unauthenticated attacker to execute unauthorized codes or commands through crafted API requests. The severity for this vulnerability has been given as 9.8 (Critical).

Affected Products and Fixed in Version

Affected ProductsFixed in Version
FortiSIEM version 7.1.0 through 7.1.1FortiSIEM version 7.0.0 through 7.0.2FortiSIEM version 6.7.0 through 6.7.8FortiSIEM version 6.6.0 through 6.6.3FortiSIEM version 6.5.0 through 6.5.2FortiSIEM version 6.4.0 through 6.4.2FortiSIEM version 7.1.2 or aboveFortiSIEM version 7.2.0 or aboveFortiSIEM version 7.0.3 or aboveFortiSIEM version 6.7.9 or aboveFortiSIEM version 6.6.5 or aboveFortiSIEM version 6.5.3 or aboveFortiSIEM version 6.4.4 or above

Fortiguard has released a security advisory to address these vulnerabilities. Users of these products are recommended to upgrade to the latest version of FortiSIEM to prevent these vulnerabilities from getting exploited by threat actors.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.