{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-017.pdf"
    },
    "title": "Critical Vulnerabilities in FortiSIEM",
    "serial_number": "2024-017",
    "publish_date": "06-02-2024 20:55:18",
    "description": "In February 2024, Fortinet quietly updated a 2023 advisory, adding two critical flaws to the list of OS command injection vulnerabilities affecting its FortiSIEM product. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to execute commands on the system.<br>\nUpdating is recommended as soon as possible.<br>\n",
    "url_title": "2024-017",
    "content_markdown": "---\ntitle: 'Critical Vulnerabilities in\u00a0FortiSIEM'\nnumber: '2024-017'\nversion: '1.0'\noriginal_date: 'February 6, 2024'\ndate: 'February 6, 2024'\n---\n\n_History:_\n\n* _06/02/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nIn February 2024, Fortinet quietly updated a 2023 advisory [1], adding two critical flaws to the list of OS command injection vulnerabilities affecting its FortiSIEM product. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to execute commands on the system.\n\nUpdating is recommended as soon as possible.\n\n# Technical Details\n\nThe vulnerabilities **CVE-2024-23108** and **CVE-2024-23109**, both with a provisional **CVSS score of 10 out of 10**, are due to improper neutralisation of special elements. By sending crafted API requests, a remote unauthenticated attacker could execute commands on the affected system.\n\nOn October 10, 2023, Fortinet released the initial version of the advisory regarding a similar vulnerability tracked as **CVE-2023-34992** with a **CVSS score of 9.7**.\n\n# Affected Products\n\nThe following product versions are affected:\n\n- version 7.1.0 through 7.1.1 (fixed in 7.1.2);\n- version 7.0.0 through 7.0.2 (fixed in 7.0.3);\n- version 6.7.0 through 6.7.8 (fixed in 6.7.9);\n- version 6.6.0 through 6.6.3 (fixed in 6.6.5);\n- version 6.5.0 through 6.5.2 (fixed in 6.5.3);\n- version 6.4.0 through 6.4.2 (fixed in 6.4.4).\n\n# Recommendations\n\nCERT-EU recommends upgrading to a non-vulnerable version of the product.\n\n# References\n\n[1] <https://www.fortiguard.com/psirt/FG-IR-23-130>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>06/02/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>In February 2024, Fortinet quietly updated a 2023 advisory [1], adding two critical flaws to the list of OS command injection vulnerabilities affecting its FortiSIEM product. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to execute commands on the system.</p><p>Updating is recommended as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerabilities <strong>CVE-2024-23108</strong> and <strong>CVE-2024-23109</strong>, both with a provisional <strong>CVSS score of 10 out of 10</strong>, are due to improper neutralisation of special elements. By sending crafted API requests, a remote unauthenticated attacker could execute commands on the affected system.</p><p>On October 10, 2023, Fortinet released the initial version of the advisory regarding a similar vulnerability tracked as <strong>CVE-2023-34992</strong> with a <strong>CVSS score of 9.7</strong>.</p><h2 id=\"affected-products\">Affected Products</h2><p>The following product versions are affected:</p><ul><li>version 7.1.0 through 7.1.1 (fixed in 7.1.2);</li><li>version 7.0.0 through 7.0.2 (fixed in 7.0.3);</li><li>version 6.7.0 through 6.7.8 (fixed in 6.7.9);</li><li>version 6.6.0 through 6.6.3 (fixed in 6.6.5);</li><li>version 6.5.0 through 6.5.2 (fixed in 6.5.3);</li><li>version 6.4.0 through 6.4.2 (fixed in 6.4.4).</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends upgrading to a non-vulnerable version of the product.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.fortiguard.com/psirt/FG-IR-23-130\">https://www.fortiguard.com/psirt/FG-IR-23-130</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}