February 7, 2024 at 08:32AM
NVD published two advisories regarding critical command injection vulnerabilities in Fortinet’s FortiSIEM products. However, it was revealed that the CVEs were duplicates of a known vulnerability issued in error. Fortinet has acknowledged this as a system-level error and is working on rectifying and withdrawing the erroneous entries. MITRE and other sources are expected to revoke the advisories, and teams that addressed the original CVE last year should not need further action. It’s recommended to review Fortinet’s latest advisory for safety. Last year, a patched OS Command Injection vulnerability, CVE-2023-34992, was disclosed in FortiSIEM supervisor. This is relevant in light of previous instances where Fortinet products were targeted by sophisticated hacker groups.
Key Takeaways from Meeting Notes:
– NVD published two advisories for critical command injection vulnerabilities purportedly impacting Fortinet’s FortiSIEM products, but it has been revealed that these CVEs are duplicates of a previously known vulnerability and were issued in error.
– Fortinet has confirmed that there is no new vulnerability in FortiSIEM in 2024.
– The two critical severity vulnerability advisories, CVE-2024-23108 and CVE-2024-23109, were issued in error and are duplicates of the original CVE-2023-34992.
– Fortinet stated that an issue with their API resulted in the creation of the two new CVEs, and they are working to rectify and withdraw the erroneous entries.
– MITRE, NVD, and other vulnerability intel sources are expected to revoke advisories for CVE-2024-23108 and CVE-2024-23109 shortly, and teams that have addressed CVE-2023-34992 in their environments should not need to take any further action.
– It is recommended to review Fortinet’s latest advisory on the CVE for safety.
– The now-patched CVE-2023-34992 is an OS Command Injection vulnerability in FortiSIEM supervisor that could allow unauthenticated remote attackers to execute unauthorized commands via crafted API requests.
– Fortinet products have been targeted by sophisticated, state-backed hacking groups, and there have been cases of exploitation to breach government networks.
– Last year, there were reports of bugs in Fortinet products being exploited by Iranian hackers to attack U.S. aeronautical firms and Chinese cyber-espionage clusters.
These are the key takeaways from the meeting notes, providing a clear summary of the significant points discussed.