Fortinet’s FortiSIEM solution has been hit by two vulnerabilities rated at the maximum severity score of 10. The vulnerabilities allow hackers to perform remote code execution (RCE).
The Fortinet security information and event management (SIEM) platform FortiSIEM is affected by two vulnerabilities that have been given the highest severity score of 10. FortiSIEM is considered an important application for work within Security Operations Centers.
Specifically, the two vulnerabilities are CVE-2024-23108 and CVE-2024-23109. Both are command injection flaws that allow hackers to use custom API requests to execute unauthorized code. Other details about both vulnerabilities are not yet known.
Both vulnerabilities affect FortiSIEM versions 7.0.0, 7.1.0 and 7.1.1, 6.7.0 to 6.7.8, 6.6.0 to 6.6.3, 6.5.0 to 6.5.2, and 6.4.0 to 6.4.2.
In its advisory on the vulnerabilities, Fortinet itself refers to a similar vulnerability found last year: CVE-2023-34992 for FortiSIEM has similar characteristics to the newly revealed vulnerabilities.
In its advisory, Fortinet advises customers of its FortiSIEM solution to update to the latest versions.
Fortinet was also in the news this week as Chinese cyber spies exploited a flaw in a FortiGate firewall to infiltrate the Ministry of Defense.