Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Twin Max-Severity Bugs Open Fortinet's SIEM to Code Execution
Full 10s on the CVSS vulnerability severity scale have been assigned to two flaws discovered in Fortinet's FortiSIEM cybersecurity operations platform.
Becky Bracken, Senior Editor, Dark Reading
February 6, 2024
1 Min Read
Source: Thomas Kyhn via Alamy Stock Photo
Two critical vulnerabilities in Fortinet's FortiSIEM product have been assigned provisional CVSS scores of 10. However, details about the bugs remain scant.
What is known is that the vulnerabilities, tracked under CVE-2024-23108 and CVE-2024-23109, are command injection flaws that could potentially let threat actors use crafted API requests to execute unauthorized code.
FortiSIEM is Fortinet's security information and event management (SIEM) platform, used for enabling enterprise cybersecurity operations centers.
FortiSIEM versions impacted by the flaws include version 7.1.0 through 7.1.1; 7.0.0 through 7.0.2; 6.7.0 through 6.7.8; 6.6.0 through 6.6.3; 6.5.0 through 6.5.2; and 6.4.0 through 6.4.2, according to the CVE entries.
The link Fortinet provided for information on the flaws leads to a write-up on another FortiSIEM vulnerability from October 2023, suggesting there might be a link between that bug and these new discoveries. The previous flaw was assigned a CVSS score of 9.7.
Dark Reading asked Fortinet for additional details but has not yet received a response.
About the Author
You May Also Like
More Insights
Webinars
The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024
Events
