The Information Highway

The Information Highway
Font size: +
  Print
2 minutes reading time (324 words)

Critical vulnerability discovered in FortiSIEM

107 Hits

Threat update

A new critical command injection vulnerability, CVE-2024-23108, was found in Fortinet's FortiSIEM solution. This vulnerability poses significant risks to organizations using the solution. 

Technical Detail and Additional Info

What is the threat?

CVE-2024-23108 impacts FortiSIEM versions 6.4.0 and higher. This vulnerability allows remote, unauthenticated attackers to execute commands as the root user on affected systems by sending specially crafted API requests. It originates from the improper neutralization of special elements used in OS commands, which can be manipulated to execute unauthorized commands via the datastore.py script. An attacker can leverage this flaw to gain root access to any Internet-exposed and unpatched FortiSIEM appliances.

Why is it noteworthy?

A proof-of-concept of the vulnerability has been released, making it a target for exploitation in the wild. To exploit the vulnerability, an attacker only needs to send crafted API requests to the targeted FortiSIEM supervisor component. Upon a successful, the attacker can conduct remote command execution as the root user, without authentication. This gives the attackers full control over affected systems that can lead to severe security breaches, data theft, and disruption of services. 

What is the exposure or risk?

With full control over affected systems, attackers can access sensitive information, manipulate data, disrupt operations, and move laterally to deepen the attack within the system. As organizations rely on FortiSIEM for security monitoring and event management, a successful exploit could lead to severe damage to their systems and compromise the integrity of their security infrastructure.

What are the recommendations?

 LBT Technology Group recommends the following actions to reduce the risk of exploitation and protect systems from potential attacks leveraging CVE-2024-23108:

  • Apply the latest security patches provided by Fortinet for FortiSIEM versions 6.4.0 and higher.
  • Implement strict access control measures.
  • Implement comprehensive monitoring and logging solutions.

References

 For more in-depth information about the recommendations, please visit the following links:




If you have any questions, please contact LBT's Sales Engineer.

0
How do you feel about this post?
Happy (0)
Love (0)
Surprised (0)
Sad (0)
Angry (0)
Tags:
move block ​ command injection vulnerability CVE -2024-23108 FortiSIEM solution
Oracle WebLogic Server vulnerability
Hackers phish finance orgs using trojanized Minesw...

About the author

LBT Technology Group, LLC.

LBT Technology Group, LLC.

As we navigate our ever-evolving cyber society, LBT Technology Group believes providing comprehensive IT services to others is essential. As a Managed IT Services Provider (MSP), we are positioned to eliminate your pain points by optimizing your technology, mitigating your cyber security risk footprint, and improving your cyber resilence. The focus we place on reducing the presistent cyber security risks to the confidentiality, integrity, and availability of your information systems and our proficiency in restoring IT services in the event of a cyber attack or technology outage separates us from our competitors--WE SIMPLIFY YOUR IT EQUATION.
Author's recent posts
More posts from author

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Tuesday, 18 June 2024

Captcha Image