CVSSv3: 9.8

CVE-2024-23108

Published: 05/02/2024 (5 February 2024) Updated: 07/02/2024 (7 February 2024)
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability [CWE-78] in Fortinet FortiSIEM versions 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2, and 6.4.0 through 6.4.2 allows a malicious user to execute unauthorized code or commands via crafted API requests.
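The affected-version ranges in the summary are easy to misread from a run of "up to and including" clauses. The following Python is added here as an example and is not Fortinet's or Vulmon's code: it encodes the six ranges from the summary as inclusive tuples so that an inventory of FortiSIEM version strings can be triaged offline. It assumes a FortiSIEM version string begins with three numeric components (a trailing build suffix is an assumption and is ignored). A version outside every listed range is reported as "not in listed ranges", which only means this page's summary does not cover it, not that it is known-safe; the page names no fixed release, so the script does not either.

```python
"""Check whether a FortiSIEM version string falls inside the ranges that the
vulnerability summary above lists as affected by CVE-2024-23108.

Added example for this page, not Fortinet's or Vulmon's code. The ranges are
copied from the summary; the version-string format ("x.y.z" prefix with an
optional build suffix) is an assumption.
"""
import re

# Inclusive (first, last) version ranges from the summary, lowest to highest.
AFFECTED_RANGES = [
    ((6, 4, 0), (6, 4, 2)),
    ((6, 5, 0), (6, 5, 2)),
    ((6, 6, 0), (6, 6, 3)),
    ((6, 7, 0), (6, 7, 8)),
    ((7, 0, 0), (7, 0, 2)),
    ((7, 1, 0), (7, 1, 1)),
]

# Three leading numeric components; anything after them (assumed build
# suffix such as ".2345") is ignored.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(version):
    """Return (major, minor, patch) from a string such as "7.1.1" or
    "7.1.1.2345". Raises ValueError for anything that does not start with
    three numeric components, so bad inventory data is never treated as safe."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised FortiSIEM version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def affected_range(version):
    """Return the (first, last) listed range containing ``version``, or None
    when the version lies outside every range in the summary."""
    v = parse_version(version)
    for first, last in AFFECTED_RANGES:
        if first <= v <= last:  # tuple comparison is lexicographic
            return (first, last)
    return None


def is_affected(version):
    """True when ``version`` is inside one of the summary's affected ranges."""
    return affected_range(version) is not None


def triage(versions):
    """Map each inventory entry to 'affected', 'not in listed ranges', or
    'unknown' (unparseable). 'not in listed ranges' means only that the
    summary on this page does not cover the version."""
    result = {}
    for v in versions:
        try:
            result[v] = "affected" if is_affected(v) else "not in listed ranges"
        except ValueError:
            result[v] = "unknown"
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = ["7.1.1", "7.1.0.2345", "7.0.3", "6.7.8", "6.3.9", "latest"]
    for host_version, verdict in triage(inventory).items():
        print(f"{host_version:12s} {verdict}")
```

The boundaries matter: 6.7.8 is the last listed 6.7 release and is affected, while 7.0.3 and 7.1.2 fall outside the listed ranges. Strings that do not parse are surfaced as "unknown" so that a typo in an asset register cannot quietly drop a host from the affected list.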

Vulnerable Products

fortinet fortisiem

fortinet fortisiem 7.1.1

fortinet fortisiem 7.1.0

Recent Articles

Double trouble for Fortinet customers as pair of critical vulns found in FortiSIEM
The Register

Admins should get a move on while info is scarce and exploits aren't yet available

Fortinet's FortiSIEM product is vulnerable to two new maximum-severity security vulnerabilities that allow for remote code execution. Both CVE-2024-23108 and CVE-2024-23109 have been assigned provisional scores of 10 on the CVSS scale, suggesting exploits can be carried out remotely by unauthenticated attackers, are low in complexity, and require no user interaction to pull off. In registering the CVE identities for the vulnerabilities, Fortinet linked to its own advisory to provide more informa...

Fortinet's week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim
The Register

An orchestra of fails for the security vendor

We've had to write the word "Fortinet" so often lately that we're considering making a macro just to make our lives a little easier after what the company's reps will surely agree has been a week sent from hell. It all culminated this Friday with the disclosure of yet another critical security vulnerability in FortiOS, impacting its SSL VPN. Tracked as CVE-2024-21762, the 9.6 severity out-of-bounds write issue allows for remote unauthenticated attackers to achieve code execution. There's also evid...