Twin Max-Severity Bugs Open Fortinet's SIEM to Code ExecutionTwin Max-Severity Bugs Open Fortinet's SIEM to Code Execution

Full 10s on the CVSS vulnerability severity scale have been assigned to two flaws discovered in Fortinet's FortiSIEM cybersecurity operations platform.

Becky Bracken, Senior Editor, Dark Reading

February 6, 2024

1 Min Read
Fortinet sign on office building
Source: Thomas Kyhn via Alamy Stock Photo

Two critical vulnerabilities in Fortinet's FortiSIEM product have been assigned provisional CVSS scores of 10. However, details about the bugs remain scant.

What is known is that the vulnerabilities, tracked under CVE-2024-23108 and CVE-2024-23109, are command injection flaws that could potentially let threat actors use crafted API requests to execute unauthorized code.

FortiSIEM is Fortinet's security information and event management (SIEM) platform, used for enabling enterprise cybersecurity operations centers.

FortiSIEM versions impacted by the flaws include version 7.1.0 through 7.1.1; 7.0.0 through 7.0.2; 6.7.0 through 6.7.8; 6.6.0 through 6.6.3; 6.5.0 through 6.5.2; and 6.4.0 through 6.4.2, according to the CVE entries.

The link Fortinet provided for information on the flaws leads to a write-up on another FortiSIEM vulnerability from October 2023, suggesting there might be a link between that bug and these new discoveries. The previous flaw was assigned a CVSS score of 9.7.

Dark Reading asked Fortinet for additional details but has not yet received a response.

About the Author

Becky Bracken, Senior Editor, Dark Reading

Becky Bracken, Senior Editor, Dark Reading

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

See more from Becky Bracken, Senior Editor, Dark Reading
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Five heads on matchsticks; flames grew higher toward the right of image
Cybersecurity Operations
Analyst Burnout Is an Advanced Persistent ThreatAnalyst Burnout Is an Advanced Persistent Threat
byWilliam MacMillan
Feb 10, 2025
4 Min Read
A finger touching DeepSeek's logo on a screen
Application Security
DeepSeek Jailbreak Reveals Its Entire System PromptDeepSeek Jailbreak Reveals Its Entire System Prompt
byNate Nelson, Contributing Writer
Jan 31, 2025
5 Min Read
A person's hand on a computer keyboard
Endpoint Security
Crisis Simulations: A Top 2025 Concern for CISOsCrisis Simulations: A Top 2025 Concern for CISOs
byKristina Beek, Associate Editor, Dark Reading
Jan 27, 2025
2 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events