Fortinet FortiSIEM Vulnerability Allows Attackers to Execute Unauthorized Code or Commands via Crafted API Requests
Key Information
- Vendor
- Fortinet
- Status
- FortiSIEM
- Vendor
- CVE Published:
- 10 October 2023
Badges
Summary
The Fortinet FortiSIEM has been affected by a vulnerability (CVE-2023-34992) that allows attackers to execute unauthorized code or commands through crafted API requests. This particular exploit has already been confirmed to be used by attackers and is considered critical. Multiple improper neutralization of special elements used in an OS Command vulnerability was discovered in the FortiSIEM supervisor, allowing remote unauthenticated attackers to execute unauthorized commands via specially crafted API requests. In addition, Fortinet also recently discovered two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM--CVE-2024-23108 and CVE-2024-23109. These bypasses are variants of the original flaw (CVE-2023-34992), allowing unauthenticated attackers to execute commands via specially crafted API requests. The company has announced upcoming versions where these variants will be fixed, and it is strongly advised to upgrade to these versions when they become available to minimize the risk of exploitation. The active exploitation of these vulnerabilities poses a significant risk as attackers can gain unauthorized access and control over affected systems, potentially leading to data breaches, system compromise, and the spread of malware. It's important for organizations using FortiSIEM to promptly upgrade to the upcoming versions to mitigate these risks. These vulnerabilities have been known to be used by threat actors and warrant timely patching to protect against these advanced cyber threats.
Affected Version(s)
FortiSIEM = 7.0.0
FortiSIEM <= 6.7.5
FortiSIEM <= 6.6.3
News Articles
Help Net Security CVE-2024-23108CVE-2023-34992PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) - Help Net Security
PoC exploits for CVE-2024-23108 and CVE-2023-34992, critical vulnerabilities affecting Fortinet FortiSIEM appliances, are public.
4 months ago
CybersecurityNews CVE-2024-23108CVE-2023-34992PoC Exploit Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
A PoC exploit has been released for a critical vulnerability in Fortinet's FortiSIEM. the article delves into the details of vulnerability.
4 months ago
New Fortinet FortiSIEM flaws evading patches for older RCE reported
Fortinet has reported that its FortiSIEM solution is impacted by two new vulnerabilities that circumvent fixes issued for a critical remote code execution flaw, tracked as CVE-2023-34992, after mistakenly disclosing the newly identified issues as duplicates of the older bug, according to BleepingCom...
4 months ago
CVSS V3.1
Timeline
- 👾
Exploit exists.
First article discovered by SecurityWeek
Vulnerability published.
Vulnerability Reserved.