Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access

May 29, 2024 at 02:10PM

A critical vulnerability in Fortinet’s FortiSIEM product, CVE-2024-23108, poses a significant exploitation risk. Dubbed “NodeZero” by researchers at Horizon3AI, the exploit enables unauthenticated remote code execution on vulnerable appliances. Users of affected versions should patch immediately to prevent compromise.

Key takeaways:

– A critical vulnerability, tracked under CVE-2024-23108, has been disclosed and patched in Fortinet’s FortiSIEM product, along with a related bug, CVE-2024-23109. Both carry max-severity scores of 10 on the CVSS scale and are unauthenticated command injection flaws that could potentially lead to remote code execution (RCE) through crafted API requests.
– The exploit, named “NodeZero” by Horizon3AI, allows users to execute commands as root on vulnerable FortiSIEM appliances and was used in a proof-of-concept to load a remote-access tool for post-exploitation activities.
– FortiSIEM versions impacted by the flaws include versions 7.1.0 through 7.1.1; 7.0.0 through 7.0.2; 6.7.0 through 6.7.8; 6.6.0 through 6.6.3; 6.5.0 through 6.5.2; and 6.4.0 through 6.4.2.
– Users of Fortinet’s FortiSIEM are advised to patch immediately to avoid compromise and potential exploitation of the critical vulnerability.
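
To find which appliances need the patch first, the affected ranges listed above can be checked against an asset inventory. The following is an added example, not code from Fortinet or Horizon3AI; the hostnames, the version strings and the trailing build-suffix format are constructed assumptions.

```python
import re

# Affected ranges exactly as listed on this page (inclusive on both ends).
AFFECTED_RANGES = [
    ((7, 1, 0), (7, 1, 1)),
    ((7, 0, 0), (7, 0, 2)),
    ((6, 7, 0), (6, 7, 8)),
    ((6, 6, 0), (6, 6, 3)),
    ((6, 5, 0), (6, 5, 2)),
    ((6, 4, 0), (6, 4, 2)),
]

# major.minor.patch, optionally followed by build text that is ignored (assumed format).
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:[.\-\s(].*)?$")

def parse_version(text):
    """Return (major, minor, patch) as integers, or None if the string does not parse."""
    m = _VERSION_RE.match(text)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(text):
    """Return 'affected', 'not-listed' (outside this page's ranges) or 'unparseable'."""
    version = parse_version(text)
    if version is None:
        return "unparseable"
    # Tuple comparison is numeric, so 6.7.10 sorts after 6.7.8 (a string compare would not).
    for low, high in AFFECTED_RANGES:
        if low <= version <= high:
            return "affected"
    return "not-listed"

def triage(inventory):
    """Map each host to a status; 'unparseable' means manual review, not a pass."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE_INVENTORY = {
    "siem-super-01": "7.1.1",
    "siem-worker-02": "6.7.8 (build 0000)",
    "siem-collector-03": "7.1.2",
    "siem-lab-04": "6.7.10",
    "siem-old-05": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:20} {SAMPLE_INVENTORY[host]:22} {status}")
```

A `not-listed` result only means the version falls outside the ranges given on this page; confirm against the vendor advisory before treating a host as unaffected.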
