Fortinet is warning of two new unpatched patch bypasses for a important distant code execution vulnerability in FortiSIEM, Fortinet’s SIEM answer.
Fortinet added the 2 new vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109 to the unique advisory for the CVE-2023-34992 flaw in a really complicated replace.
Earlier at the moment, BleepingComputer revealed an article that the CVEs have been launched by mistake after being advised by Fortinet that they have been duplicates of the unique CVE-2023-34992.
“On this occasion, as a result of a difficulty with the API which we’re at the moment investigating, somewhat than an edit, this resulted in two new CVEs being created, duplicates of the unique CVE-2023-34992,” Fortinet advised BleepingComputer.
“There isn’t a new vulnerability revealed for FortiSIEM up to now in 2024, it is a system degree error and we’re working to rectify and withdraw the misguided entries.”
Nevertheless, it seems that CVE-2024-23108 and CVE-2024-23109 are literally patch bypasses for the CVE-2023-34992 flaw found by Horizon3 vulnerability professional Zach Hanley.
On X, Zach said that the brand new CVEs are patch bypasses for CVE-2023-34992, and the brand new IDs have been assigned to him by Fortinet.
After contacting Fortinet as soon as once more, we have been advised their earlier assertion was “misstated” and that the 2 new CVEs are variants of the unique flaw.
“The PSIRT group adopted its course of so as to add two comparable variants of the earlier CVE (CVE-2023-34992), tracked as CVE-2024-23108 and CVE-2024-23109 to our public advisory FG-IR-23-130, which was revealed in October 2023. The 2 new CVEs share the very same description and rating because the preliminary one; in parallel we up to date MITRE. A reminder pointing to the up to date Advisory can be included for our clients on Tuesday when Fortinet publishes its month-to-month advisory.” – Fortinet.
These two new variants have the identical description as the unique flaw, permitting unauthenticated attackers to execute instructions through specifically crafted API requests.
“A number of improper neutralization of particular components utilized in an OS Command vulnerability [CWE-78] in FortiSIEM supervisor might enable a distant unauthenticated attacker to execute unauthorized instructions through crafted API requests,” reads the advisory.
Whereas the unique flaw, CVE-2023-34992, was fastened in a earlier FortiSIEM launch, the brand new variants can be fastened or have been fastened within the following variations:
- FortiSIEM model 7.1.2 or above
- Upcoming FortiSIEM model 7.2.0 or above
- Upcoming FortiSIEM model 7.0.3 or above
- Upcoming FortiSIEM model 6.7.9 or above
- Upcoming FortiSIEM model 6.6.5 or above
- Upcoming FortiSIEM model 6.5.3 or above
- Upcoming FortiSIEM model 6.4.4 or above
As it is a important flaw, it’s strongly suggested that you simply improve to one of many above FortiSIEM variations as quickly as they turn into out there.
Fortinet flaws are generally focused by risk actors, together with ransomware gangs, who use them to realize preliminary entry to company networks, so patching shortly is essential.
BleepingComputer requested Fortinet when the opposite variations can be launched and can replace this story once we obtain a response.
