February 7, 2024 at 07:57PM
Fortinet warns of two unpatched patch bypasses, tracked as CVE-2024-23108 and CVE-2024-23109, for the critical remote code execution vulnerability in FortiSIEM. Originally considered duplicates, Fortinet now confirms they are valid variants of the original flaw, CVE-2023-34992. Upcoming FortiSIEM versions will address these vulnerabilities, so immediate upgrading is strongly recommended.
Based on the meeting notes, the key takeaways are as follows:
– Fortinet recently announced two new unpatched patch bypasses (CVE-2024-23108 and CVE-2024-23109) for a critical remote code execution vulnerability in FortiSIEM, its SIEM solution. These bypasses are variants of the original flaw (CVE-2023-34992) discovered by a vulnerability expert.
– Both new variants have the same description as the original flaw, allowing unauthenticated attackers to execute unauthorized commands via crafted API requests.
– The original flaw (CVE-2023-34992) was fixed in a previous FortiSIEM release, while the new variants will be fixed or have been fixed in upcoming FortiSIEM versions, including versions 7.1.2 and above.
– It is essential to upgrade to the specified FortiSIEM versions as soon as they become available due to the critical nature of the flaw and the potential targeting of Fortinet flaws by threat actors, including ransomware gangs.
– BleepingComputer is awaiting a response from Fortinet regarding the release dates of the other versions.
These are the main points summarized from the meeting notes regarding the Fortinet vulnerabilities and their implications for FortiSIEM users.