Pierluigi Paganini February 07, 2024

Fortinet warns of two critical OS command injection vulnerabilities in FortiSIEM that could allow remote attackers to execute arbitrary code

Cybersecurity vendor Fortinet warned of two critical vulnerabilities in FortiSIEM, tracked as CVE-2024-23108 and CVE-2024-23109 (CVSS score 10), which could lead to remote code execution.

“Multiple improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM supervisor may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.” reads the advisory published by Fortinet.

The affected products are:

• FortiSIEM version 7.1.0 through 7.1.1
• FortiSIEM version 7.0.0 through 7.0.2
• FortiSIEM version 6.7.0 through 6.7.8
• FortiSIEM version 6.6.0 through 6.6.3
• FortiSIEM version 6.5.0 through 6.5.2
• FortiSIEM version 6.4.0 through 6.4.2

The CERT-EU also published an advisory for the above vulnerabilities:

“In February 2024, Fortinet quietly updated a 2023 advisory, joining two critical flows to the list of OS Command vulnerabilities affecting its FortiSIEM product. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to execute commands on the system.” reads the advisory published by CERT-EU. “Updating is recommended as soon as possible.”

The two issues are linked to the vulnerability CVE-2023-34992 (CVSS score 9.8), which was addressed in October 2023.

The flaw CVE-2023-34992 is an improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2. An attacker can exploit the flaw to execute unauthorized code or commands via crafted API requests.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, FortiSIEM)