Two critical FortiSIEM vulnerabilities reported by Fortinet

Fortinet has reported two CRITICAL security vulnerabilities in FortiSIEM. Both are OS command injection flaws that can give a remote, unauthenticated attacker command execution on the affected system. We look at the details of these vulnerabilities below.

Salient points

  • Fortinet has disclosed two new CRITICAL vulnerabilities affecting the FortiSIEM supervisor.
  • Both are related to CVE-2023-34992, which Fortinet reported in October 2023.
  • The new vulnerabilities are tracked as CVE-2024-23108 and CVE-2024-23109.
  • Fortinet has assigned a base CVSS score of 10 to both CVE-2024-23108 and CVE-2024-23109.
  • NIST (NVD) rates both vulnerabilities at CVSS 9.7.
  • Affected versions are listed below.
  • Fortinet has released fixed versions that resolve both vulnerabilities.

FortiSIEM affected versions

Security vulnerabilities CVE-2024-23108 and CVE-2024-23109 affect the following FortiSIEM versions:

  • FortiSIEM version 7.1.0 through 7.1.1
  • FortiSIEM version 7.0.0 through 7.0.2
  • FortiSIEM version 6.7.0 through 6.7.8
  • FortiSIEM version 6.6.0 through 6.6.3
  • FortiSIEM version 6.5.0 through 6.5.2
  • FortiSIEM version 6.4.0 through 6.4.2

FortiSIEM security patches

The following security patches have been released by Fortinet for resolving CVE-2024-23108 and CVE-2024-23109:

  • FortiSIEM version 7.1.0 through 7.1.1 – upgrade to FortiSIEM 7.1.2 or above
  • FortiSIEM version 7.0.0 through 7.0.2 – upgrade to FortiSIEM 7.0.3 or above
  • FortiSIEM version 6.7.0 through 6.7.8 – upgrade to FortiSIEM 6.7.9 or above
  • FortiSIEM version 6.6.0 through 6.6.3 – upgrade to FortiSIEM 6.6.5 or above
  • FortiSIEM version 6.5.0 through 6.5.2 – upgrade to FortiSIEM 6.5.3 or above
  • FortiSIEM version 6.4.0 through 6.4.2 – upgrade to FortiSIEM 6.4.4 or above
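To turn the two lists above into something you can run against an inventory, here is a small triage script. It is an added example for this article, not Fortinet tooling: the ranges and fixed releases are the ones reproduced above, and the hostnames and version strings in `main()` are constructed sample data. Two details worth noticing: the 6.6 branch jumps from 6.6.3 (last affected) to 6.6.5 (first fixed), so a version such as 6.6.4 falls in neither list; and any branch the advisory does not mention at all (for example 7.2.x, or end-of-support 6.3.x) is reported as "unlisted", which must not be read as "safe".

```python
"""Triage FortiSIEM versions against the affected ranges and fixed releases
that Fortinet lists for CVE-2024-23108 and CVE-2024-23109.

Added example for this article; it is not Fortinet tooling.  The version
strings are taken from the advisory as reproduced above; the inventory in
main() is constructed sample data.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, last affected, first fixed) for each release branch.
# Note the 6.6 branch: the fix is 6.6.5, so a version 6.6.4 is neither in
# the affected range nor a listed fix and is reported as "unlisted" below.
ADVISORY: List[Tuple[str, str, str]] = [
    ("7.1.0", "7.1.1", "7.1.2"),
    ("7.0.0", "7.0.2", "7.0.3"),
    ("6.7.0", "6.7.8", "6.7.9"),
    ("6.6.0", "6.6.3", "6.6.5"),
    ("6.5.0", "6.5.2", "6.5.3"),
    ("6.4.0", "6.4.2", "6.4.4"),
]


def parse_version(text: str) -> Version:
    """Turn '6.7.8' or '6.7.8-build1234' into a comparable (major, minor, patch)."""
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiSIEM version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def assess(version: str) -> Tuple[str, Optional[str]]:
    """Classify one version.

    Returns ("affected", "<first fixed release>"), ("patched", None) or
    ("unlisted", None).  "unlisted" covers branches the advisory does not
    mention (for example 7.2.x or end-of-support 6.3.x) and must not be read
    as "safe": confirm those against Fortinet's current advisory.
    """
    v = parse_version(version)
    for low, high, fixed in ADVISORY:
        lo, hi, fx = parse_version(low), parse_version(high), parse_version(fixed)
        if lo <= v <= hi:
            return ("affected", fixed)
        if v[:2] == lo[:2] and v >= fx:
            return ("patched", None)
    return ("unlisted", None)


def triage(inventory: Dict[str, str]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Assess every supervisor in a {hostname: version} inventory."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "siem-sup-01": "7.1.1",
        "siem-sup-02": "7.0.3-build1234",
        "siem-sup-03": "6.6.3",
        "siem-sup-04": "6.3.5",
    }
    for host, (status, fixed) in triage(sample).items():
        advice = f" -> upgrade to {fixed} or above" if fixed else ""
        print(f"{host}: {status}{advice}")
```

Feed it the version string as shown in the FortiSIEM GUI (a trailing `-buildNNNN` suffix is ignored). Because the advisory is per release branch, the script compares within the branch rather than treating "any higher number" as fixed, which is what keeps a 6.7.8 host from being mistaken for patched just because 7.0.3 exists.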

FortiSIEM vulnerabilities

The two new vulnerabilities, CVE-2024-23108 and CVE-2024-23109, are related to CVE-2023-34992, which is summarised below.

  • CVE-2023-34992 is a CVSS 9.8 CRITICAL vulnerability.
  • CVE-2023-34992 is an improper neutralization of special elements used in an OS command ('OS command injection', CWE-78) in Fortinet FortiSIEM version 7.0.0, 6.7.0 through 6.7.5, 6.6.0 through 6.6.3, 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2. An attacker can exploit the flaw to execute unauthorized code or commands via crafted API requests.

The new vulnerabilities CVE-2024-23108 and CVE-2024-23109 are described as follows:

“The vulnerabilities are due to improper neutralisation of special elements. By sending crafted API requests, a remote unauthenticated attacker could execute commands on the affected system.”
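The weakness class behind all three CVEs is the same: a value from an API request reaches an OS command without its shell metacharacters being neutralised. The following is an added, generic illustration of that class written for this article. It is not FortiSIEM code and says nothing about where the real flaw sits; the `echo` command, the parameter and the attacker inputs are constructed so the behaviour is observable offline on any POSIX system. It shows the vulnerable pattern, the "strip a few characters" fix that practitioners often reach for and which still fails, and a hardened version that validates against an allow-list and never invokes a shell.

```python
"""Generic illustration of CWE-78, the weakness class named in the FortiSIEM
advisory: an API parameter reaching an OS command without neutralisation,
beside a broken 'fix' and a hardened version.

Added example written for this article.  It is not FortiSIEM code and says
nothing about where the real flaw sits; the command, parameter name and
inputs are constructed to make the behaviour observable offline.
"""
import re
import subprocess

# Hostnames only: letters, digits, dots and hyphens, not starting with a hyphen
# so the value can never be mistaken for a command-line option.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def run_vulnerable(target: str) -> str:
    """Untrusted input is concatenated into a shell string (CWE-78).
    A ';' in the input terminates the intended command and starts another."""
    result = subprocess.run(
        f"echo {target}", shell=True, capture_output=True, text=True, check=False
    )
    return result.stdout


def run_naive_filter(target: str) -> str:
    """A common wrong fix: strip a few metacharacters and keep using the shell.
    Command substitution such as $(...) is untouched and still executes."""
    cleaned = target.replace(";", "").replace("&", "").replace("|", "")
    result = subprocess.run(
        f"echo {cleaned}", shell=True, capture_output=True, text=True, check=False
    )
    return result.stdout


def run_hardened(target: str) -> str:
    """Allow-list validation, then argv-style execution with no shell at all.
    Even if the allow-list were wrong, argv elements are never re-parsed."""
    if not HOSTNAME_RE.fullmatch(target):
        raise ValueError(f"rejected target: {target!r}")
    result = subprocess.run(
        ["echo", target], shell=False, capture_output=True, text=True, check=False
    )
    return result.stdout


def hardened_accepts(target: str) -> bool:
    """True if the hardened path would run the command for this input."""
    return HOSTNAME_RE.fullmatch(target) is not None


if __name__ == "__main__":
    payload = "x; echo INJECTED"  # constructed attacker input
    print("vulnerable :", run_vulnerable(payload).split())
    print("naive      :", run_naive_filter("x $(echo INJECTED)").split())
    print("hardened   :", run_hardened("siem.example.internal").strip())
    print("hardened rejects payload:", not hardened_accepts(payload))
```

The two defences in `run_hardened` are independent and both matter: the allow-list rejects anything that is not a plausible hostname, and passing an argument list with `shell=False` means that even a value which slipped past validation is delivered to the program as one literal argument rather than parsed by `/bin/sh`.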

Exploitation status

Threat actors are believed to be actively exploiting unpatched FortiSIEM deployments that are vulnerable to CVE-2023-34992. The new vulnerabilities are related to that flaw, so deployments that were patched against CVE-2023-34992 alone remain exposed until they are moved to the fixed versions listed above.

Upgrade affected FortiSIEM supervisors to the fixed versions listed above to resolve CVE-2024-23108 and CVE-2024-23109.


Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.