NVD revealed two advisories this week for crucial command injection vulnerabilities purportedly impacting Fortinet’s FortiSIEM merchandise, however there’s extra to what meets the attention.
BleepingComputer has confirmed that these CVEs will not be “new,” however duplicates of a beforehand identified FortiSIEM vulnerability and had been issued in error.
Fortinet: ‘No new vulnerability’ in FortiSIEM in 2024
Two crucial severity vulnerability advisories have emerged on NVD, implicating ForiSIEM, Fortinet’s SIEM resolution.
These OS command injection vulnerabilities, tracked as CVE-2024-23108 and CVE-2024-23109 had been every scored as a ten/10, the best on the CVSS scale that’s used to outline the severity related to a vulnerability.
Confusingly sufficient, Fortinet’s advisory related to these CVEs bears a publication date of “Oct 10, 2023″—not yesterday’s, and moreover lists a beforehand identified CVE-2023-34992, additionally a crucial FortiSIEM OS command injection flaw.
BleepingComputer reached out to the seller for clarification and seems, there’s nothing to see right here—the 2 new CVE IDs, CVE-2024-23108 and CVE-2024-23109 have been generated in error.
“A modification was made to the unique FG-IR-23-130 – which generally occurs to make sure ongoing accuracy of knowledge and updates are pushed to the NVD Database in parallel to maintain the 2 techniques in sync,” a Fortinet spokesperson advised BleepingComputer.
“On this occasion, attributable to a difficulty with the API which we’re presently investigating, somewhat than an edit, this resulted in two new CVEs being created, duplicates of the unique CVE-2023-34992. There isn’t a new vulnerability revealed for FortiSIEM up to now in 2024, this can be a system degree error and we’re working to rectify and withdraw the faulty entries.”
As such, MITRE, NVD, and different vulnerability intel sources ought to ideally shortly begin revoking advisories for CVE-2024-23108 and CVE-2024-23109.
Consequently, InfoSec/IT groups which have already addressed final 12 months’s CVE-2023-34992 of their environments shouldn’t must take any additional motion. We nonetheless recommending trying out Fortinet’s newest advisory on the CVE to make certain of affected merchandise and variations with a repair.
Command injection vulnerability in overview
Disclosed in October final 12 months, the now-patched CVE-2023-34992 is an OS Command Injection vulnerability in FortiSIEM supervisor that might permit unauthenticated distant attackers “to execute unauthorized instructions through crafted API requests.”
In November 2023, a variant of CVE-2023-34992 emerged, tracked on the time as CVE-2023-36553 and comparable by way of its nature and severity.
Fortinet merchandise embrace firewalls, endpoint security, and intrusion detection techniques generally utilized by enterprises. These have typically been focused by subtle, state-backed hacking teams, for entry to a corporation’s community.
Final 12 months, varied cybersecurity reviews confirmed bugs in Fortinet merchandise being exploited by Iranian hackers to assault U.S. aeronautical corporations and Chinese language cyber-espionage clusters [1, 2].
Moreover, there have been circumstances the place hackers exploited zero-day vulnerabilities in Fortinet merchandise to breach authorities networks, found after painstakingly reverse-engineering particular FortiGate OS parts.
Sergiu Gatlan of BleepingComputer contributed to this report.