Critical Vulnerabilities in FortiSIEM (CVE-2024-23108 and CVE-2024-23109)

Fortinet has released a patch to fix two critical vulnerabilities (CVE-2024-23108 and CVE-2024-23109) in its FortiSIEM product that can be used to execute unauthorized code.

Based on the official report, these vulnerabilities are classified as Critical with a maximum CVSS Score of 10.

While these two vulnerabilities have been disclosed recently, it’s worth noting that Fortinet linked it to an advisory released last October 2023(FG-IR-23-130).

_____________________________

A. Nature of Vulnerabilities

CVE-2024-23108 and CVE-2024-23109

An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests.

_____________________________

B. Affected Version

FortiSIEM version 7.1.0 through 7.1.1
FortiSIEM version 7.0.0 through 7.0.2
FortiSIEM version 6.7.0 through 6.7.8
FortiSIEM version 6.6.0 through 6.6.3
FortiSIEM version 6.5.0 through 6.5.2
FortiSIEM version 6.4.0 through 6.4.2

_____________________________

C. Actions to be Taken

CERT-PH recommends the following actions be taken:

Kindly review and apply the necessary updates to mitigate future threats.
For additional information, kindly refer to the official report
- https://www.fortiguard.com/psirt/FG-IR-23-130
- https://www.cve.org/CVERecord?id=CVE-2024-23108
- https://www.cve.org/CVERecord?id=CVE-2024-23109