Fortinet reports new max severity issues in FortiSIEM in error, but the bug exists

published: Feb. 6, 2024

Take action: The new vulnerabilities are duplicates of an older one, but it's still time to patch your FortiSIEM for the older vulnerability, especially if it's visible from the internet. If the patch for your version is not available yet, isolate it from internet access ASAP.



Update - It appears that the vulnerabilities, CVE-2024-23108 and CVE-2024-23109, were duplicates of a previously known issue, CVE-2023-34992. Fortinet released them in error but clarified that no new vulnerability exists, attributing the error to a system glitch. MITRE and other sources are expected to revoke the advisories for the erroneous CVEs.

Fortinet's FortiSIEM, a cybersecurity product providing security information and event management capabilities, is facing two critical vulnerabilities, tracked as CVE-2024-23108 and CVE-2024-23109. Both vulnerabilities have been assigned the maximum severity CVSS score of 10. Both stem from improper neutralization of special elements used in an OS command (CWE-78), potentially allowing attackers to execute unauthorized commands via crafted API requests.

The affected versions span a considerable range of FortiSIEM releases:

  • FortiSIEM version 7.1.0 through 7.1.1
  • FortiSIEM version 7.0.0 through 7.0.2
  • FortiSIEM version 6.7.0 through 6.7.8
  • FortiSIEM version 6.6.0 through 6.6.3
  • FortiSIEM version 6.5.0 through 6.5.2
  • FortiSIEM version 6.4.0 through 6.4.2

Fortinet has urged customers to upgrade their platforms:

  • Please upgrade to FortiSIEM version 7.1.2 or above
  • Please upgrade to upcoming FortiSIEM version 7.2.0 or above
  • Please upgrade to upcoming FortiSIEM version 7.0.3 or above
  • Please upgrade to upcoming FortiSIEM version 6.7.9 or above
  • Please upgrade to upcoming FortiSIEM version 6.6.5 or above
  • Please upgrade to upcoming FortiSIEM version 6.5.3 or above
  • Please upgrade to upcoming FortiSIEM version 6.4.4 or above
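To triage a fleet against the two lists above, the following added example (not Fortinet's code) classifies installed versions by branch. The ranges and fixed releases are copied from this page; the hostnames and inventory are constructed sample data. Note that some branches have builds between the last affected and first fixed release (for example 6.6.4), which the lists do not cover.

```python
import re

# Affected ranges and fixed releases copied from the two lists on this page.
AFFECTED = {
    (7, 1): ((7, 1, 0), (7, 1, 1)),
    (7, 0): ((7, 0, 0), (7, 0, 2)),
    (6, 7): ((6, 7, 0), (6, 7, 8)),
    (6, 6): ((6, 6, 0), (6, 6, 3)),
    (6, 5): ((6, 5, 0), (6, 5, 2)),
    (6, 4): ((6, 4, 0), (6, 4, 2)),
}
FIXED = {
    (7, 2): (7, 2, 0), (7, 1): (7, 1, 2), (7, 0): (7, 0, 3), (6, 7): (6, 7, 9),
    (6, 6): (6, 6, 5), (6, 5): (6, 5, 3), (6, 4): (6, 4, 4),
}

def parse_version(text):
    """Return (major, minor, patch) from strings like '6.7.8' or 'v7.1.1 build 0123'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None

def triage(version_text):
    """Classify one version as affected / fixed / unlisted / unparseable."""
    v = parse_version(version_text)
    if v is None:
        return ("unparseable", None)
    branch = v[:2]
    fix = FIXED.get(branch)
    fix_str = ".".join(map(str, fix)) if fix else None
    rng = AFFECTED.get(branch)
    if rng and rng[0] <= v <= rng[1]:
        return ("affected", fix_str)
    if fix and v >= fix:
        return ("fixed", fix_str)
    # Builds between the last affected and first fixed release (e.g. 6.6.4),
    # or branches the lists do not mention: treat as unknown, not as safe.
    return ("unlisted", fix_str)

# Constructed inventory: hostnames and versions are sample data.
INVENTORY = {"siem-hq": "7.1.1", "siem-dr": "6.6.4", "siem-lab": "6.7.9", "siem-old": "5.4.0"}

def report(inventory):
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, (status, fix) in report(INVENTORY).items():
        print(f"{host:10} {status:12} upgrade target: {fix or 'n/a'}")
```
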

These vulnerabilities are similar to a previous issue identified in October as CVE-2023-34992, suggesting a recurring pattern in the security challenges faced by FortiSIEM. No exploits have been publicly disclosed as of yet, underscoring the urgency for administrators to apply necessary updates to mitigate potential risks.
