Security News > 2024 > May > PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)
Ai researches have released proof-of-concept exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances.
CVE-2024-23108 and CVE-2024-23109 are OS command injection vulnerabilities in the FortiSIEM supervisor and can be exploited remotely, without authentication, with specially crafted API requests.
PoCs for CVE-2024-23108 and CVE-2023-34992 have been published by Hanley on GitHub.
Hanley has noted that "There is very little difference in the exploitation of the previous command injection, CVE-2023-34992, to this one, CVE-2024-23108, reported 6 months later", and said that attempts to exploit them will leave evidence in the logs for the phMonitor service.
Attempts to exploit CVE-2024-23108 will leave a log message containing a failed command with datastore.
Admins should check their FortiSIEM installations and upgrade to a version containing the fix.
News URL
https://www.helpnetsecurity.com/2024/05/29/cve-2024-23108-cve-2023-34992-poc/
Related news
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2024-23109 | OS Command Injection vulnerability in Fortinet Fortisiem An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. | 9.8 |
| 2024-02-05 | CVE-2024-23108 | OS Command Injection vulnerability in Fortinet Fortisiem An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. | 9.8 |
| 2023-10-10 | CVE-2023-34992 | OS Command Injection vulnerability in Fortinet Fortisiem A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests. | 9.8 |