Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure



Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.

Fortinet added the two new vulnerabilities, tracked as CVE-2024-23108 and CVE-2024-23109, to the original advisory for the CVE-2023-34992 flaw in a very confusing update.

Earlier today, BleepingComputer published an article stating that the CVEs were released in error, after being told by Fortinet that they were duplicates of the original CVE-2023-34992.

"In this instance, due to an issue with the API which we are currently investigating, rather than an edit, this resulted in two new CVEs being created, duplicates of the original CVE-2023-34992," Fortinet told BleepingComputer.

"There is no new vulnerability published for FortiSIEM so far in 2024, this is a system level error and we are working to rectify and retract the erroneous entries."

However, it turns out that CVE-2024-23108 and CVE-2024-23109 are actually patch bypasses for the CVE-2023-34992 flaw discovered by Horizon3 vulnerability expert Zach Hanley.

On X, Zach stated that the new CVEs are patch bypasses for CVE-2023-34992, and that the new IDs were assigned to him by Fortinet.

[Embedded X post from Zach Hanley]

After contacting Fortinet once again, we were told their previous statement was "misstated" and that the two new CVEs are variants of the original flaw.

"The PSIRT team followed its process to add two similar variants of the previous CVE (CVE-2023-34992), tracked as CVE-2024-23108 and CVE-2024-23109, to our public advisory FG-IR-23-130, which was published in October 2023. The two new CVEs share the exact same description and class as the first one; in parallel we updated MITRE. A reminder pointing to the updated Advisory will be included for our customers on Tuesday when Fortinet publishes its monthly advisory." – Fortinet.

These two new variants have the same description as the original flaw, allowing unauthenticated attackers to execute commands via specially crafted API requests.

"Multiple improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM supervisor may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests," reads the advisory.

While the original flaw, CVE-2023-34992, was fixed in a previous FortiSIEM release, the new variants have been fixed or will be fixed in the following versions:

  • FortiSIEM version 7.1.2 or above
  • Upcoming FortiSIEM version 7.2.0 or above
  • Upcoming FortiSIEM version 7.0.3 or above
  • Upcoming FortiSIEM version 6.7.9 or above
  • Upcoming FortiSIEM version 6.6.5 or above
  • Upcoming FortiSIEM version 6.5.3 or above
  • Upcoming FortiSIEM version 6.4.4 or above

As this is a critical flaw, it is strongly advised that you upgrade to one of the above FortiSIEM versions as soon as they become available.

Fortinet flaws are commonly targeted by threat actors, including ransomware gangs, who use them to gain initial access to corporate networks, so patching quickly is crucial.

BleepingComputer asked Fortinet when the other versions will be released and will update this story when we receive a response.
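To turn the version list above into an inventory check, here is an added Python example (not from the article or from Fortinet) that classifies a FortiSIEM version string per release branch against the fixed releases listed in the advisory update. The "released" flags are assumptions taken from this article's wording at publication time and should be re-verified against Fortinet's advisory FG-IR-23-130.

```python
# Added example, not Fortinet's code: triage FortiSIEM versions against the
# fixed releases listed in the advisory update for CVE-2024-23108/23109.
import re

# (major, minor) branch -> (first fixed patch level, released at time of writing?)
# Transcribed from the article; the release flags are assumptions to re-verify.
FIXED_VERSIONS = {
    (7, 1): (2, True),    # 7.1.2 or above, already available
    (7, 2): (0, False),   # 7.2.0 or above, upcoming
    (7, 0): (3, False),   # 7.0.3 or above, upcoming
    (6, 7): (9, False),   # 6.7.9 or above, upcoming
    (6, 6): (5, False),   # 6.6.5 or above, upcoming
    (6, 5): (3, False),   # 6.5.3 or above, upcoming
    (6, 4): (4, False),   # 6.4.4 or above, upcoming
}


def parse_version(text):
    """Return (major, minor, patch) from strings such as '7.1.1' or 'FortiSIEM 6.7.8 build 1234'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(p) for p in m.groups())


def assess(text):
    """Classify as 'fixed', 'vulnerable' (fix available), 'awaiting fix' or 'unknown branch'."""
    major, minor, patch = parse_version(text)
    entry = FIXED_VERSIONS.get((major, minor))
    if entry is None:
        # Branch not covered by the advisory (e.g. end-of-support releases):
        # do not assume it is safe; flag it for manual review.
        return "unknown branch"
    fixed_patch, released = entry
    if patch >= fixed_patch:
        return "fixed"
    return "vulnerable" if released else "awaiting fix"


def triage(inventory):
    """Map host -> status for a dict of host -> reported version string."""
    return {host: assess(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"siem-01": "FortiSIEM 7.1.1", "siem-02": "7.1.2", "siem-03": "6.7.8", "siem-04": "5.4.0"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```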