Twin Max-Severity Bugs Open Fortinet's SIEM to Code Execution

Two critical vulnerabilities in Fortinet’s FortiSIEM product have been assigned provisional CVSS scores of 10. However, details about the bugs remain scant.

What is known is that the vulnerabilities, tracked under CVE-2024-23108 and CVE-2024-23109, are command injection flaws that could potentially let threat actors use crafted API requests to execute unauthorized code.

FortiSIEM is Fortinet’s security information and event management (SIEM) platform, used for enabling enterprise cybersecurity operations centers.

FortiSIEM versions impacted by the flaws include version 7.1.0 through 7.1.1; 7.0.0 through 7.0.2; 6.7.0 through 6.7.8; 6.6.0 through 6.6.3; 6.5.0 through 6.5.2; and 6.4.0 through 6.4.2, according to the CVE entries.

Twin Max-Severity Bugs Open Fortinet's SIEM to Code Execution

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Twin Max-Severity Bugs Open Fortinet's SIEM to Code Execution

07-Feb-24

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address