Twin Max-Severity Bugs Open Fortinet's SIEM to Code Execution

Published: 23/11/2024   Category: security




Full 10s on the CVSS vulnerability severity scale have been assigned to two flaws discovered in Fortinet's FortiSIEM cybersecurity operations platform.



Two critical vulnerabilities in Fortinet's FortiSIEM product have been assigned provisional CVSS scores of 10. However, details about the bugs remain scant.
What is known is that the vulnerabilities, tracked under CVE-2024-23108 and CVE-2024-23109, are command injection flaws that could potentially let threat actors use crafted API requests to execute unauthorized code.
FortiSIEM is Fortinet's security information and event management (SIEM) platform, used for enabling enterprise cybersecurity operations centers.
FortiSIEM versions impacted by the flaws include versions 7.1.0 through 7.1.1; 7.0.0 through 7.0.2; 6.7.0 through 6.7.8; 6.6.0 through 6.6.3; 6.5.0 through 6.5.2; and 6.4.0 through 6.4.2, according to the CVE entries.
The link Fortinet provided for information on the flaws leads to a write-up on another FortiSIEM vulnerability from October 2023, suggesting there might be a link between that bug and these new discoveries. The previous flaw was assigned a CVSS score of 9.7.
Dark Reading asked Fortinet for additional details but has not yet received a response.
