CVE-2024-23108

Name of the Vulnerable Software and Affected Versions Fortinet FortiSIEM versions 6.4.0 through 6.4.2 Fortinet FortiSIEM versions 6.5.0 through 6.5.2 Fortinet FortiSIEM versions 6.6.0 through 6.6.3 Fortinet FortiSIEM versions 6.7.0 through 6.7.8 Fortinet FortiSIEM versions 7.0.0 through 7.0.2 Fortinet FortiSIEM versions 7.1.0 through 7.1.1

Description The issue is related to an improper neutralization of special elements used in an os command, also known as 'os command injection', in Fortinet FortiSIEM. This allows an attacker to execute unauthorized code or commands via crafted API requests. The vulnerability can be exploited remotely by an unauthenticated attacker, allowing them to execute arbitrary commands. There have been reports of this issue being actively exploited.

Recommendations For Fortinet FortiSIEM versions 6.4.0 through 6.4.2, update to a newer version that contains a fix for this issue. For Fortinet FortiSIEM versions 6.5.0 through 6.5.2, update to a newer version that contains a fix for this issue. For Fortinet FortiSIEM versions 6.6.0 through 6.6.3, update to a newer version that contains a fix for this issue. For Fortinet FortiSIEM versions 6.7.0 through 6.7.8, update to a newer version that contains a fix for this issue. For Fortinet FortiSIEM versions 7.0.0 through 7.0.2, update to a newer version that contains a fix for this issue. For Fortinet FortiSIEM versions 7.1.0 through 7.1.1, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints until a patch is available.