Critical Code Execution Vulnerabilities Discovered in Fortinet's FortiSIEM Platform

Two high-severity vulnerabilities with a maximum CVSS score of 10 have been identified within Fortinet’s FortiSIEM cybersecurity operations platform.

These vulnerabilities, assigned CVE-2024-23108 and CVE-2024-23109, are classified as command injection flaws. They pose a significant risk because threat actors could potentially exploit them through crafted API requests to execute unauthorized code.

FortiSIEM serves as Fortinet’s security information and event management (SIEM) platform, crucial for managing cybersecurity operations in enterprises.

Impacted versions of FortiSIEM, according to the CVE entries, include:

  • Version 7.1.0 through 7.1.1
  • Version 7.0.0 through 7.0.2
  • Version 6.7.0 through 6.7.8
  • Version 6.6.0 through 6.6.3
  • Version 6.5.0 through 6.5.2
  • Version 6.4.0 through 6.4.2
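The ranges above are easy to misread when an inventory holds dozens of appliances, and a naive string comparison gets versions like 6.7.10 wrong. The following is an added example, not code from the article or from Fortinet: it transcribes the six ranges listed above into tuples and checks a version string against them numerically. The host inventory it triages is constructed for the example; anything outside the listed ranges is reported only as "not listed as affected", since the article does not state which releases carry the fix.

```python
# Constructed example: check FortiSIEM version strings against the affected
# ranges listed in the article (CVE-2024-23108 / CVE-2024-23109).
# The ranges are transcribed from the article; the inventory below is made up.

# (lowest affected, highest affected), inclusive, as (major, minor, patch)
AFFECTED_RANGES = [
    ((7, 1, 0), (7, 1, 1)),
    ((7, 0, 0), (7, 0, 2)),
    ((6, 7, 0), (6, 7, 8)),
    ((6, 6, 0), (6, 6, 3)),
    ((6, 5, 0), (6, 5, 2)),
    ((6, 4, 0), (6, 4, 2)),
]


def parse_version(text):
    """Turn 'major.minor.patch' into a tuple of ints.

    Comparing tuples of ints (not strings) is what makes 6.7.10 sort after
    6.7.8; a plain string comparison would put it *before* 6.7.8 and flag it.
    Raises ValueError for anything that is not three dotted integers.
    """
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_listed_affected(text):
    """True if the version falls inside one of the listed affected ranges."""
    version = parse_version(text)
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Split an inventory of (host, version) pairs into three buckets.

    Returns a dict with keys 'affected', 'not_listed' and 'unparsable', each a
    sorted list of host names. Unparsable entries are kept visible rather than
    silently dropped, so a bad version string in the CMDB does not hide a box.
    """
    result = {"affected": [], "not_listed": [], "unparsable": []}
    for host, version in inventory:
        try:
            bucket = "affected" if is_listed_affected(version) else "not_listed"
        except ValueError:
            bucket = "unparsable"
        result[bucket].append(host)
    for bucket in result.values():
        bucket.sort()
    return result


# Constructed inventory (hypothetical host names and versions)
SAMPLE_INVENTORY = [
    ("siem-sup-01", "7.1.1"),   # top of the 7.1.x range: affected
    ("siem-sup-02", "7.1.2"),   # one patch above the listed range: not listed
    ("siem-wrk-01", "6.7.10"),  # string compare would wrongly flag this
    ("siem-wrk-02", "6.7.8"),   # affected
    ("siem-col-01", "6.3.9"),   # below every listed range: not listed
    ("siem-col-02", "7.0"),     # malformed entry from the CMDB
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Run it as a script to see the three buckets for the sample inventory, or import `triage` and feed it the output of your own asset export. The "not_listed" bucket deliberately does not claim a host is patched; confirm fixed releases against Fortinet's advisory before closing a ticket.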

Interestingly, the link Fortinet provided redirects to an earlier vulnerability report from October 2023, hinting at a possible connection between the two incidents. That earlier vulnerability received a CVSS score of 9.7.

Despite inquiries for additional information, Fortinet has yet to respond to queries from Dark Reading.


Ref: https://www.darkreading.com/vulnerabilities-threats/fortinet-fortisiem-hit-with-twin-max-severity-bugs
Ref: https://techcrunch.com/2024/01/31/ivanti-patches-two-zero-days-under-attack-but-finds-another/
