FortiSIEM has been discovered with multiple OS command injection vulnerabilities, which could allow an unauthenticated remote threat actor to execute unauthorized commands on FortiSIEM via crafted API requests.

The CVEs for these vulnerabilities have been assigned with CVE-2024-23108 and CVE-2024-23109. The severity of these vulnerabilities was given as critical (>=9.8). However, Fortiguard has fixed all the vulnerabilities.

Fortinet has provided a link to its own advisory to furnish additional information. However, when users attempt to access the link, they are directed to an outdated issue that was previously addressed in early October 2023. It is recommended that users seek alternative sources of information until an updated advisory is made available.

CVE-2024-23108 & CVE-2024-23109: Improper Neutralization of Special Elements

These vulnerabilities exist due to an improper neutralization in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2. 

These vulnerabilities will allow a threat actor to execute unauthorized code or commands through specially crafted API requests. These vulnerabilities were credited to Zach Hanley from Horizon3.ai. The severity for these vulnerabilities was given as 10.0 (Critical).

CVE-2023-34992: Improper Neutralization of Special Elements

This vulnerability was also related to an OS command injection in Fortinet FortiSIEM that could allow an unauthenticated attacker to execute unauthorized codes or commands through crafted API requests. The severity for this vulnerability has been given as 9.8 (Critical).

Affected Products and Fixed in Version

Fortiguard has released a security advisory to address these vulnerabilities. Users of these products are recommended to upgrade to the latest version of FortiSIEM to prevent these vulnerabilities from getting exploited by threat actors.