Security News > 2024 > February > Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error
NVD published two advisories this week for critical command injection vulnerabilities purportedly impacting Fortinet's FortiSIEM products, but there's more to what meets the eye.
BleepingComputer has confirmed that these CVEs are not "New," but duplicates of a previously known FortiSIEM vulnerability and were issued in error.
Fortinet: 'No new vulnerability' in FortiSIEM in 2024.
Confusingly enough, Fortinet's advisory associated with these CVEs bears a publication date of "Oct 10, 2023"-not yesterdaty's, and additionally lists a previously known CVE-2023-34992, also a critical FortiSIEM OS command injection flaw.
"In this instance, due to an issue with the API which we are currently investigating, rather than an edit, this resulted in two new CVEs being created, duplicates of the original CVE-2023-34992. There is no new vulnerability published for FortiSIEM so far in 2024, this is a system level error and we are working to rectify and withdraw the erroneous entries."
Last year, various cybersecurity reports confirmed bugs in Fortinet products being exploited by Iranian hackers to attack U.S. aeronautical firms and Chinese cyber-espionage clusters [1, 2]. Additionally, there have been cases where hackers exploited zero-day vulnerabilities in Fortinet products to breach government networks, discovered after painstakingly reverse-engineering specific FortiGate OS components.
News URL
Related news
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) (source)
- Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits (source)
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-10 | CVE-2023-34992 | OS Command Injection vulnerability in Fortinet Fortisiem A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests. | 9.8 |