Critical Vulnerabilities in FortiSIEM

Published on 30 May 2024

Fortinet has released updates addressing critical vulnerabilities (CVE-2024-23108 and CVE-2024-23109) affecting its FortiSIEM products. The vulnerabilities have a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.

Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to execute code remotely on a FortiSIEM system via specially crafted Application Programming Interface (API) requests.

The vulnerabilities affect the following product versions:

  • FortiSIEM version 7.1.0 through 7.1.1
  • FortiSIEM version 7.0.0 through 7.0.2
  • FortiSIEM version 6.7.0 through 6.7.8
  • FortiSIEM version 6.6.0 through 6.6.3
  • FortiSIEM version 6.5.0 through 6.5.2
  • FortiSIEM version 6.4.0 through 6.4.2

Users and administrators of affected product versions are advised to update to the latest versions immediately.
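As an added defender-side example, not taken from the advisory or from Fortinet, the following Python triages a constructed host inventory against the affected version ranges listed above; the hostnames and the one-host-per-line "hostname,version" format are assumptions.

```python
# Added example (not from the advisory or Fortinet): flag FortiSIEM hosts whose
# reported version falls inside one of the affected ranges listed in FG-IR-23-130.
import re

# Affected ranges exactly as stated in the advisory (inclusive on both ends).
AFFECTED_RANGES = [
    ("7.1.0", "7.1.1"),
    ("7.0.0", "7.0.2"),
    ("6.7.0", "6.7.8"),
    ("6.6.0", "6.6.3"),
    ("6.5.0", "6.5.2"),
    ("6.4.0", "6.4.2"),
]

def parse_version(text):
    """Turn '6.7.8' into (6, 7, 8); raise ValueError for anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised FortiSIEM version string: {text!r}")
    return tuple(int(x) for x in m.groups())

def is_affected(version):
    """True if the version lies within any listed affected range (inclusive)."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)

# Constructed inventory (hostname,version); sample data, not real hosts.
SAMPLE_INVENTORY = """\
siem-prod-01,7.1.1
siem-prod-02,7.1.2
siem-lab-01,6.7.8
siem-lab-02,6.8.0
siem-old-01,6.4.0
siem-bad-01,unknown
"""

def triage(inventory_csv):
    """Return {hostname: 'affected' | 'not listed' | 'unparsed'}."""
    result = {}
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, _, ver = line.partition(",")
        try:
            result[host] = "affected" if is_affected(ver) else "not listed"
        except ValueError:
            result[host] = "unparsed"  # needs a manual check rather than a silent pass
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

"Not listed" only means the version is outside the ranges in this advisory; confirm the current fixed versions against the Fortinet PSIRT entry before treating a host as patched.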

More information is available here:

https://www.bleepingcomputer.com/news/security/exploit-released-for-maximum-severity-fortinet-rce-bug-patch-now/

https://www.fortiguard.com/psirt/FG-IR-23-130