Fortinet’s FortiSIEM solution has been hit by two vulnerabilities rated most critical at 10. The vulnerabilities allow hackers to perform remote code execution (RCE).
The Fortinet security information and event management (SIEM) platform FortiSIEM has been affected by two vulnerabilities that have been given the most critical CVE score of 10. FortiSIEM is considered an important application for work within Security Operations Centers.
Two vulnerabilities
Specifically, the two vulnerabilities are CVE-2024-23108 and CVE-2024-23109. They’re responsible for command injection flaws, which allow hackers to use custom API requests to execute unauthorized code. Other details about both vulnerabilities are not yet known.
The vulnerabilities both affect the ForitSIEM solution in versions 7.0.0./7.1.0/ 7.1.1, 6.7.0 to 6.7.8, 6.6.0 to 6.6.3, 6.5.0 to 6.5.2, 6.4.0 to 6.4.2.
Fortinet Advisory
In an advisory about the vulnerabilities found, Fortinet itself refers to a similar vulnerability already found last year. CVE-2023-34992 for FortiSIEM also has similar characteristics to the newly revealed vulnerabilities.
In its advisory, Fortinet advises customers of its FortiSIEM solution to update to the latest versions.
Fortinet was also in the news this week as Chinese cyber spies exploited a flaw in a FortiGate firewall to infiltrate the Ministry of Defense.
Read more: How Chinese cyber spies targeted the Dutch Ministry of Defense
2 days ago
