Fortinet has released a patch to fix two critical vulnerabilities (CVE-2024-23108 and CVE-2024-23109) in its FortiSIEM product that can be used to execute unauthorized code.

Based on the official report, these vulnerabilities are classified as Critical with a maximum CVSS Score of 10.

While these two vulnerabilities have been disclosed only recently, it is worth noting that Fortinet links them to an advisory released in October 2023 (FG-IR-23-130).

A. Nature of Vulnerabilities

CVE-2024-23108 and CVE-2024-23109

  • An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM versions 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests.
  • Affected versions:
    • FortiSIEM version 7.1.0 through 7.1.1
    • FortiSIEM version 7.0.0 through 7.0.2
    • FortiSIEM version 6.7.0 through 6.7.8
    • FortiSIEM version 6.6.0 through 6.6.3
    • FortiSIEM version 6.5.0 through 6.5.2
    • FortiSIEM version 6.4.0 through 6.4.2
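The affected ranges above are the data a defender actually needs to triage an inventory. The following script is an added example (not CERT-PH or Fortinet code) that parses FortiSIEM version strings and reports which hosts fall inside the ranges listed in this bulletin. The host names and version strings in `SAMPLE_INVENTORY` are constructed for illustration; the handling of build suffixes such as `7.1.1-1234` is an assumption about how versions may be recorded, and a version that is outside the listed ranges is reported as "not listed" rather than "fixed", because the bulletin does not state fixed versions.

```python
"""Triage a FortiSIEM host inventory against the affected ranges in FG-IR-23-130
(CVE-2024-23108 / CVE-2024-23109).

Added example for this bulletin; not CERT-PH or Fortinet code.
"""
from __future__ import annotations

# Affected ranges exactly as listed in the bulletin (inclusive on both ends).
AFFECTED_RANGES: list[tuple[tuple[int, int, int], tuple[int, int, int]]] = [
    ((7, 1, 0), (7, 1, 1)),
    ((7, 0, 0), (7, 0, 2)),
    ((6, 7, 0), (6, 7, 8)),
    ((6, 6, 0), (6, 6, 3)),
    ((6, 5, 0), (6, 5, 2)),
    ((6, 4, 0), (6, 4, 2)),
]

# Constructed sample inventory (hostname -> version string as an asset
# database might record it). Not real hosts.
SAMPLE_INVENTORY: dict[str, str] = {
    "siem-prod-01": "7.1.1",
    "siem-dr-01": "7.0.3",
    "siem-lab": "6.7.8-1",
    "siem-old": "unknown",
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn 'major.minor.patch' into a comparable integer tuple.

    A leading 'v' and a '-' or '+' build suffix (assumed formats such as
    'v7.1.1' or '7.1.1-1234') are tolerated; anything else is rejected so a
    bad inventory entry is never silently treated as safe.
    """
    core = text.strip().lstrip("vV").split("-", 1)[0].split("+", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiSIEM version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True if the version lies inside any range listed in the bulletin."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Split an inventory into affected / not_listed / unparseable buckets.

    'not_listed' only means the version is outside the ranges above; it does
    not assert the host is patched, since the bulletin names no fixed version.
    """
    result: dict[str, list[str]] = {"affected": [], "not_listed": [], "unparseable": []}
    for host, version in inventory.items():
        try:
            bucket = "affected" if is_affected(version) else "not_listed"
        except ValueError:
            bucket = "unparseable"
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:12s} {', '.join(hosts) or '-'}")
```

Unparseable entries are deliberately kept as their own bucket: in a real inventory they are the hosts that need a manual check, not the ones that can be ignored.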

CERT-PH recommends the following actions be taken:

  • Kindly review and apply the necessary updates to mitigate future threats.
  • For additional information, kindly refer to the official report:
    • https://www.fortiguard.com/psirt/FG-IR-23-130
    • https://www.cve.org/CVERecord?id=CVE-2024-23108
    • https://www.cve.org/CVERecord?id=CVE-2024-23109