
CVE-2024-23109

Published: 05/02/2024 Updated: 07/02/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM version 7.1.0 up to and including 7.1.1, 7.0.0 up to and including 7.0.2, 6.7.0 up to and including 6.7.8, 6.6.0 up to and including 6.6.3, 6.5.0 up to and including 6.5.2, and 6.4.0 up to and including 6.4.2 allows a malicious user to execute unauthorized code or commands via crafted API requests.

Vulnerability Trend

Vulnerable Products

fortinet fortisiem

fortinet fortisiem 7.1.1

fortinet fortisiem 7.1.0

Recent Articles

Exploit released for maximum severity Fortinet RCE bug, patch now
BleepingComputer • Sergiu Gatlan • 28 May 2024

Security researchers have released a proof-of-concept (PoC) exploit for a maximum-severity vulnerability in Fortinet's security information and event management (SIEM) solution, which was patched in February. Tracked as CVE-2024-23108, this security flaw is a command injection vulnerability discovered and reported by Horizon3 vulnerability expert Zach Hanley that enables remote command e...

Double trouble for Fortinet customers as pair of critical vulns found in FortiSIEM
The Register

Admins should get a move on while info is scarce and exploits aren't yet available

Fortinet's FortiSIEM product is vulnerable to two new maximum-severity security vulnerabilities that allow for remote code execution. Both CVE-2024-23108 and CVE-2024-23109 have been assigned provisional scores of 10 on the CVSS scale, suggesting exploits can be carried out remotely by unauthenticated attackers, are low in complexity, and require no user interaction to pull off. In registering the CVE identities for the vulnerabilities, Fortinet linked to its own advisory to provide more informa...

Fortinet's week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim
The Register

An orchestra of fails for the security vendor

We've had to write the word "Fortinet" so often lately that we're considering making a macro just to make our lives a little easier after what the company's reps will surely agree has been a week sent from hell. It all culminated this Friday with the disclosure of yet another critical security vulnerability in FortiOS, impacting its SSL VPN. Tracked as CVE-24-21762, the 9.6 severity out-of-bounds write issue allows for remote unauthenticated attackers to achieve code execution. There's also evid...