Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access

May 29, 2024 at 02:10PM A critical vulnerability in Fortinet’s FortiSIEM product, CVE-2024-23108, poses a significant risk for potential exploitation. Dubbed “NodeZero” by researchers at Horizon3AI, the exploit enables unauthorized remote code execution on vulnerable appliances. Users of affected versions should patch immediately to mitigate the risk and prevent compromise. Based on the meeting notes, …

Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

February 7, 2024 at 07:57PM Fortinet warns of two unpatched patch bypasses, tracked as CVE-2024-23108 and CVE-2024-23109, for the critical remote code execution vulnerability in FortiSIEM. Originally considered duplicates, Fortinet now confirms they are valid variants of the original flaw, CVE-2023-34992. Upcoming FortiSIEM versions will address these vulnerabilities, so immediate upgrading is strongly recommended. Based …

Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error

February 7, 2024 at 08:32AM NVD published two advisories regarding critical command injection vulnerabilities in Fortinet’s FortiSIEM products. However, it was revealed that the CVEs were duplicates of a known vulnerability issued in error. Fortinet has acknowledged this as a system-level error and is working on rectifying and withdrawing the erroneous entries. MITRE and other …

Twin Max-Severity Bugs Open Fortinet’s SIEM to Code Execution

February 6, 2024 at 03:09PM Two critical command injection vulnerabilities (CVE-2024-23108 and CVE-2024-23109) in Fortinet’s FortiSIEM product have provisional CVSS scores of 10. These flaws impact multiple versions of FortiSIEM, potentially allowing threat actors to execute unauthorized code. The link provided by Fortinet leads to a write-up on a prior vulnerability, hinting at a potential …

Double trouble for Fortinet customers as pair of critical vulns found in FortiSIEM

February 6, 2024 at 08:37AM Fortinet’s FortiSIEM product is affected by two critical security vulnerabilities (CVE-2024-23108 and CVE-2024-23109) with a severity score of 10 on the CVSS scale. These flaws allow for remote code execution by unauthenticated attackers. Currently, the affected versions are specified, and Fortinet has recommended upgrading to version 7.1.2 to address the …

Fortinet warns of critical command injection bug in FortiSIEM

November 16, 2023 at 10:22AM Fortinet has warned customers about a critical OS command injection vulnerability in its FortiSIEM report server. The flaw can be exploited by remote, unauthenticated attackers to execute unauthorized commands through specially crafted API requests. The vulnerability, tracked as CVE-2023-36553, is a variant of a previous vulnerability (CVE-2023-34992). Fortinet advises affected …