FortiSIEM’s Critical OS Command Injection Vulnerabilities: CVE-2024-23108 and CVE-2024-23109

Fortinet has recently issued a warning about two critical-severity vulnerabilities within its FortiSIEM platform. These vulnerabilities, identified as CVE-2024-23108 and CVE-2024-23109, both received the highest level of concern with a provisional Common Vulnerability Scoring System (CVSS) score of 10. These vulnerabilities have a high potential to be exploited without any form of authentication, a prospect that could allow remote attackers to execute arbitrary code with potentially devastating effects. These vulnerabilities are described as stemming from “improper neutralization of special elements,” a flaw which could allow a remote unauthenticated attacker to carry out unauthorized commands via crafted API requests. This particular type of vulnerability is known as an OS Command Injection flaw, categorized under CWE-78, which points to a critical risk in the way software processes untrusted data.

Connection to Previous Vulnerabilities

Interestingly, these new vulnerabilities seem to be interconnected or variations of a previously identified vulnerability, CVE-2023-34992, which was addressed by Fortinet in October 2023. This earlier issue also related to OS Command Injection vulnerabilities and was assigned a CVSS score of 9.8, indicating its severe potential impact on system confidentiality, integrity, and availability.

Versions Affected

The implications of these vulnerabilities span across multiple versions of the FortiSIEM platform, affecting versions 7.1.x, 7.0.x, 6.7.x, 6.6.x, 6.5.x, and 6.4.x. Fortinet has acted by incorporating patches within FortiSIEM version 7.1.2, while updates for the other affected versions are reportedly in the pipeline, emphasizing the need for users to apply these updates promptly to mitigate risks.

Attack Vectors and CIA Triad Impact

The attack vector for both CVE-2024-23108 and CVE-2024-23109 is notably significant due to its remote exploitability, requiring no prior authentication (AV:N/AC:L/PR:N/UI:N) and allowing an attacker to impact systems from anywhere on the internet. The low complexity of the attack (AC:L) means that it does not require specialized knowledge or conditions to execute, making it accessible to a wider range of threat actors. Additionally, the lack of required user interaction (UI:N) and the possibility to target systems across boundaries (S:C for CVE-2024-23109) further escalate the risks associated with these vulnerabilities. The CVSS scores reflect the severe impact these vulnerabilities can have on the confidentiality, integrity, and availability (CIA) of the affected systems, with both vulnerabilities receiving a critical rating. The discrepancy in scores between NIST (9.8) and Fortinet (10.0) highlights a variance in assessment, possibly due to differing interpretations of the scope (S:U vs. S:C) – whether the vulnerability affects systems beyond the security boundary.

CERT-EU Response

Adding to the gravity of the situation, the Computer Emergency Response Team for the EU (CERT-EU) issued an alert, urging users to update their systems to patched versions as a precautionary measure against potential exploits. This advisory reflects a broader concern within the cybersecurity community regarding the exploitation of such vulnerabilities, which, although not yet reported to be exploited in the wild, represent a significant risk given Fortinet’s extensive use in enterprise environments.

Importance of Regular Updates and Best Practices

The discovery and subsequent reissue of CVE-2024-23108 and CVE-2024-23109 in Fortinet’s FortiSIEM, initially thought to be a duplication error for CVEs previously issued last October, highlights the urgent need for organizations to regularly update and patch their systems, particularly those central to security operations. Effective vulnerability management and adherence to cybersecurity best practices are essential to protect against potential exploits and maintain the integrity of security infrastructures. These steps are critical in mitigating the risks posed by such vulnerabilities and ensuring the continued effectiveness of security monitoring tools.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Questions or concerns? Feel free to reach out to us any time –

Copyright © Netizen Corporation. All Rights Reserved.