CVE-2024-23108 & CVE-2024-23109 (CVSS 10): Critical Command Injection Flaws in Fortinet FortiSIEM

Fortinet, a renowned name in the cybersecurity realm, recently alerted its customers to two critical OS command injection vulnerabilities in its FortiSIEM supervisor. These vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109, have sent shockwaves through the cybersecurity community, as they could potentially allow remote, unauthenticated attackers to execute unauthorized commands through specially crafted API requests. With a CVSSv3.1 base score of 10.0 and a “Critical” severity rating, these vulnerabilities pose a significant threat to organizations across the globe.

FortiSIEM, short for Fortinet Security Information and Event Management, is a comprehensive cybersecurity solution that empowers organizations with enhanced visibility and granular control over their security posture. It is pivotal in safeguarding businesses of all sizes, spanning diverse sectors such as healthcare, finance, retail, e-commerce, government, and the public sector. Its ability to correlate security events, provide real-time insights, and streamline incident response makes it indispensable in the fight against cyber threats.

The vulnerabilities in question fall under “Multiple improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM supervisor.” In simpler terms, this means that FortiSIEM fails to adequately sanitize input, including special characters and control elements, before processing them as OS commands. This oversight opens the door for remote attackers to manipulate API requests, potentially leading to unauthorized data access, modification, or even deletion.

These flaws “may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.”

The vulnerabilities impact a wide range of FortiSIEM versions, including:

• FortiSIEM version 7.1.0 through 7.1.1
• FortiSIEM version 7.0.0 through 7.0.2
• FortiSIEM version 6.7.0 through 6.7.8
• FortiSIEM version 6.6.0 through 6.6.3
• FortiSIEM version 6.5.0 through 6.5.2
• FortiSIEM version 6.4.0 through 6.4.2

Fortinet has acted swiftly to address these vulnerabilities and has urged system administrators to take immediate action. To mitigate the risks associated with CVE-2024-23108 and CVE-2024-23109, organizations are advised to upgrade their FortiSIEM installations to the following versions:

• FortiSIEM version 7.1.2 or above
• Upcoming FortiSIEM version 7.2.0 or above
• Upcoming FortiSIEM version 7.0.3 or above
• Upcoming FortiSIEM version 6.7.9 or above
• Upcoming FortiSIEM version 6.6.5 or above
• Upcoming FortiSIEM version 6.5.3 or above
• Upcoming FortiSIEM version 6.4.4 or above

It’s worth noting that CVE-2024-23108 and CVE-2024-23109 may bear similarities to another critical security issue, CVE-2023-34992, which was addressed in early October. Because, when we search for these flaws on the Fortinet website, the page result shows the information for CVE-2023-34992. Perhaps, Fortinet will update this page soon.