Security News > 2024 > February > Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error
NVD published two advisories this week for critical command injection vulnerabilities purportedly impacting Fortinet's FortiSIEM products, but there's more to what meets the eye.
BleepingComputer has confirmed that these CVEs are not "New," but duplicates of a previously known FortiSIEM vulnerability and were issued in error.
Fortinet: 'No new vulnerability' in FortiSIEM in 2024.
Confusingly enough, Fortinet's advisory associated with these CVEs bears a publication date of "Oct 10, 2023"-not yesterdaty's, and additionally lists a previously known CVE-2023-34992, also a critical FortiSIEM OS command injection flaw.
"In this instance, due to an issue with the API which we are currently investigating, rather than an edit, this resulted in two new CVEs being created, duplicates of the original CVE-2023-34992. There is no new vulnerability published for FortiSIEM so far in 2024, this is a system level error and we are working to rectify and withdraw the erroneous entries."
Last year, various cybersecurity reports confirmed bugs in Fortinet products being exploited by Iranian hackers to attack U.S. aeronautical firms and Chinese cyber-espionage clusters [1, 2]. Additionally, there have been cases where hackers exploited zero-day vulnerabilities in Fortinet products to breach government networks, discovered after painstakingly reverse-engineering specific FortiGate OS components.
News URL
Related news
- Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) (source)
- Critical Fortinet flaw may impact 150,000 exposed devices (source)
- Fortinet warns of critical RCE bug in endpoint management software (source)
- PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) (source)
- Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) (source)
- More than 133,000 Fortinet appliances still vulnerable to month-old critical bug (source)
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
- Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability (source)
- Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) (source)
- PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-34992 | OS Command Injection vulnerability in Fortinet Fortisiem A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests. | 9.8 |