Fortinet FortiSIEM Vulnerability Allows Attackers to Execute Unauthorized Code or Commands via API Requests
CVE-2024-23108
What is CVE-2024-23108?
CVE-2024-23108 is a vulnerability in Fortinet's FortiSIEM that allows remote, unauthenticated command execution as root. It affects multiple versions of FortiSIEM and has a critical CVSS3 score of 10.0. A proof-of-concept (PoC) exploit has been released, so Fortinet users are advised to apply the latest patches and review their system logs for signs of compromise. Although the vulnerability has not been exploited by ransomware groups, its potential impact is severe, and organizations should address it promptly.

Affected Version(s)
- FortiSIEM 7.1.0 through 7.1.1
- FortiSIEM 7.0.0 through 7.0.2
- FortiSIEM 6.7.0 through 6.7.8
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
Week in review: Attackers trying to access Check Point VPNs, NIST CSF 2.0 security metrics evolution - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: RansomLord: Open-source anti-ransomware exploit tool
Critical vulnerabilities in FortiSIEM devices, macOS and Glibc
The discovered vulnerabilities can have devastating consequences for data privacy and integrity, as well as for operational continuity.
EPSS Score
90% chance of being exploited in the next 30 days.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- 📰 First article discovered by The Register
- Vulnerability published
- Vulnerability Reserved