Fortinet FortiSIEM Vulnerability Allows Attackers to Execute Unauthorized Code or Commands via Crafted API Requests
CVE-2023-34992
Summary
An OS command injection vulnerability (improper neutralization of special elements used in an OS command) exists in the affected Fortinet FortiSIEM versions. An attacker can trigger it through crafted API requests and thereby execute unauthorized code or commands on the affected system, which poses a significant security risk. Organizations running affected versions are advised to review their configurations and apply the patches outlined in Fortinet's security advisory.
Affected Version(s)
FortiSIEM 7.0.0
FortiSIEM 6.7.0 through 6.7.5
FortiSIEM 6.6.0 through 6.6.3
News Articles
PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) - Help Net Security
PoC exploits for CVE-2024-23108 and CVE-2023-34992, critical vulnerabilities affecting Fortinet FortiSIEM appliances, are public.
8 months ago
PoC Exploit Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
A PoC exploit has been released for a critical vulnerability in Fortinet's FortiSIEM. The article delves into the details of the vulnerability.
8 months ago
New Fortinet FortiSIEM flaws evading patches for older RCE reported
Fortinet has reported that its FortiSIEM solution is impacted by two new vulnerabilities that circumvent fixes issued for a critical remote code execution flaw, tracked as CVE-2023-34992, after mistakenly disclosing the newly identified issues as duplicates of the older bug, according to BleepingCom...
8 months ago
References
CVSS V3.1
Timeline
- Exploit known to exist
- First article discovered by SecurityWeek
- Vulnerability published
- Vulnerability reserved