Two New FortiSIEM Max-Severity Flaws Let Attackers Execute Remote Code
FortiSIEM has been found to contain multiple OS command injection vulnerabilities, which may allow an unauthenticated remote threat actor to execute unauthorized commands on FortiSIEM via crafted API requests.
The vulnerabilities were assigned CVE-2024-23108 and CVE-2024-23109. Their severity was rated critical (>=9.8). Fortiguard has since fixed all of the vulnerabilities.
Fortinet has provided a link to its own advisory for further information. However, when users try to access the link, they are directed to an older issue that was previously addressed in early October 2023. Users are advised to check other sources of information until an updated advisory is made available.
CVE-2024-23108 & CVE-2024-23109: Improper Neutralization of Special Elements
These vulnerabilities exist due to improper neutralization of special elements in Fortinet FortiSIEM versions 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2, and 6.4.0 through 6.4.2.
These vulnerabilities may allow a threat actor to execute unauthorized code or commands via specially crafted API requests. They were credited to Zach Hanley of Horizon3.ai. The severity for these vulnerabilities was given as 10.0 (Critical).
CVE-2023-34992: Improper Neutralization of Special Elements
This vulnerability was also an OS command injection in Fortinet FortiSIEM that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted API requests. The severity for this vulnerability was given as 9.8 (Critical).
Affected Products and Fixed in Version
| Affected Products | Fixed in Version |
| --- | --- |
| FortiSIEM version 7.1.0 through 7.1.1 | FortiSIEM version 7.1.2 or above, or 7.2.0 or above |
| FortiSIEM version 7.0.0 through 7.0.2 | FortiSIEM version 7.0.3 or above |
| FortiSIEM version 6.7.0 through 6.7.8 | FortiSIEM version 6.7.9 or above |
| FortiSIEM version 6.6.0 through 6.6.3 | FortiSIEM version 6.6.5 or above |
| FortiSIEM version 6.5.0 through 6.5.2 | FortiSIEM version 6.5.3 or above |
| FortiSIEM version 6.4.0 through 6.4.2 | FortiSIEM version 6.4.4 or above |
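To turn the table above into a quick inventory check, here is an added Python example (not from the article and not Fortinet tooling) that classifies a FortiSIEM build as affected, fixed, or not covered by the listed ranges; the hostnames and builds in the sample inventory are constructed for the example.

```python
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Per-branch data taken from the article's table:
# (affected inclusive range or None, first fixed build in that branch).
BRANCHES: Dict[Tuple[int, int], Tuple[Optional[Tuple[Version, Version]], Version]] = {
    (7, 2): (None, (7, 2, 0)),                    # listed only as a fixed upgrade target
    (7, 1): (((7, 1, 0), (7, 1, 1)), (7, 1, 2)),
    (7, 0): (((7, 0, 0), (7, 0, 2)), (7, 0, 3)),
    (6, 7): (((6, 7, 0), (6, 7, 8)), (6, 7, 9)),
    (6, 6): (((6, 6, 0), (6, 6, 3)), (6, 6, 5)),
    (6, 5): (((6, 5, 0), (6, 5, 2)), (6, 5, 3)),
    (6, 4): (((6, 4, 0), (6, 4, 2)), (6, 4, 4)),
}

def parse_version(text: str) -> Version:
    """Parse a 'major.minor.patch' string; anything else is rejected."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiSIEM version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)

def check_fortisiem(version: str) -> Dict[str, str]:
    """Classify one build against the advisory table: affected / fixed / unlisted."""
    v = parse_version(version)
    entry = BRANCHES.get(v[:2])
    if entry is None:  # branch not mentioned in the table at all
        return {"version": version, "status": "unlisted", "fixed_in": ""}
    affected, fixed = entry
    fixed_str = ".".join(map(str, fixed))
    if affected and affected[0] <= v <= affected[1]:
        return {"version": version, "status": "affected", "fixed_in": fixed_str}
    if v >= fixed:
        return {"version": version, "status": "fixed", "fixed_in": fixed_str}
    # e.g. 6.6.4 or 6.4.3: outside the listed affected range yet below the listed fix.
    # The table does not cover these builds, so they are flagged for manual review.
    return {"version": version, "status": "unlisted", "fixed_in": fixed_str}

# Constructed sample inventory (hostnames and builds are made up for this example).
SAMPLE_INVENTORY = [("siem-prod-01", "7.1.1"), ("siem-lab", "6.7.8"),
                    ("siem-dr", "7.1.2"), ("siem-old", "6.6.4")]

def triage(inventory: List[Tuple[str, str]]) -> List[Dict[str, str]]:
    """Run the check over (host, version) pairs and keep the host in each row."""
    return [dict(host=h, **check_fortisiem(v)) for h, v in inventory]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(f"{row['host']:<14} {row['version']:<8} {row['status']:<9} fix: {row['fixed_in'] or '-'}")
```

Builds reported as "unlisted" sit in a gap the table leaves open and should be treated as needing the upgrade until the vendor advisory says otherwise.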
Fortiguard has released a security advisory to address these vulnerabilities. Users of these products are advised to upgrade to the latest version of FortiSIEM to prevent these vulnerabilities from being exploited by threat actors.
Source credit : cybersecuritynews.com