Fortinet’s FortiSIEM product has recently been found to have two critical vulnerabilities that could allow for remote code execution [5]. These vulnerabilities, tracked under CVE-202423108 and CVE-202423109 [1] [3] [4], are command injection flaws that could enable unauthorized code execution through specially crafted API requests [1] [4].
Description
The affected versions of FortiSIEM include 710 through 711, 700 through 702, 670 through 678, 660 through 663, 650 through 652 [1] [2] [4], and 640 through 642 [1] [2] [4]. It is worth noting that these vulnerabilities may be related to a previous vulnerability discovered in October 2023. Fortinet has already alerted its customers about these vulnerabilities and strongly advises system administrators to upgrade to the recommended versions in order to mitigate the risks.
Conclusion
To ensure the security of their systems, it is crucial for FortiSIEM users to take immediate action. Upgrading to the recommended versions is strongly advised in order to mitigate the risks associated with these critical vulnerabilities. Fortinet has already notified its customers about the vulnerabilities and is actively working on addressing the issue. It is important for system administrators to stay informed and follow the recommended security measures to protect their networks.
References
[1] https://www.darkreading.com/vulnerabilities-threats/fortinet-fortisiem-hit-with-twin-max-severity-bugs
[2] https://avd.aquasec.com/nvd/2024/cve-2024-23108/
[3] https://securityonline.info/cve-2024-23108-cve-2024-23109-cvss-10-critical-command-injection-flaws-in-fortinet-fortisiem/
[4] https://zephyrnet.com/twin-max-severity-bugs-open-fortinets-siem-to-code-execution/
[5] https://cyber.vumetric.com/security-news/2024/02/06/double-trouble-for-fortinet-customers-as-pair-of-critical-vulns-found-in-fortisiem/
