Snodgrass Security Update – Fortinet FortiSIEM Vulnerability

Vulnerability Name: Fortinet FortiSIEM Platforms Vulnerability
CVE #s: CVE-2024-23108 and CVE-2024-23109
Platform or Software Package(s) Affected: Fortinet FortiSIEM product line (version 7.1.1 and any version prior) 
Criticality: Critical (CVE scores of 10)


Recommended Action: For any customers using the above-noted Fortinet FortiSIEM versions, visit the vendor’s website immediately. Patches are available, depending on which firmware/software version you are running, to patch this critical vulnerability.  

Overview of Concern and Overview of Remediation: The Fortigate FortiSIEM product for log collection and analysis is affected by two critical-ranking vulnerabilities that allow for command injection flaws, which can allow the execution of unauthorized code. Versions 7.1.2 and above currently address this flaw. However, more research is being done, and new releases may be issued in the near future. Clients using affected Fortigate FortiSIEM products should diligently check the manufacturer’s website for future releases after patching their system, as research may find further vulnerabilities and the need for further patching. Additional information is linked below:

https://www.darkreading.com/vulnerabilities-threats/fortinet-fortisiem-hit-with-twin-max-severity-bugs

https://www.cve.org/CVERecord?id=CVE-2024-23109

https://www.cve.org/CVERecord?id=CVE-2024-23108

Additionally, we urge all customers using any Fortigate product (not just their security information and event management solutions) to review Fortigate’s website and news relating to this vulnerability, as often vendors will later announce other affected products. Please be vigilant in updating your products more often in the upcoming days/weeks.

Please contact Jeremy Burris at S.R. Snodgrass, P.C. with any questions (jburris@srsnodgrass.com).

Share:

Facebook
Twitter
Pinterest
LinkedIn
Get The Latest Updates

Subscribe To Our Newsletter

Name

Most Popular

Related Posts

audit & assurance Snodgrass Podcast

Audit & Assurance: A Conversation with Brendan Whalen | S.R. Snodgrass Podcast Episode 11

In this latest podcast from S.R. Snodgrass, HR Director, Lenore Seifer and Brendan Whalen, Principal in the Audit & Assurance Group, discuss how the firm’s focus on team development and client relationships drives success. Watch and listen as they reveal how Snodgrass maintains a positive culture, adapts to industry changes, and supports ongoing growth and collaboration.